in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: UK's ICO Will Start Fining Companies To Set Examples

Nearly six months ago, the Information Commissioner's Office in the UK gained the power to fine companies that are in breach of the Data Protection Act, up to £500,000 in penalties.  As I've pointed out before, the use of drive encryption software for protecting entire laptops and other portable devices, and file encryption for protecting individual files and folders, would help in radically reducing or even eliminating such fines.

I thought that this message would get lost, since in the six months since, the ICO hasn't fined a single organization that was involved in a data breach, no matter how egregious the loss of data.  This could be changing though: the ICO has "confirmed that it is in the process of imposing fines against organisations that have breached the Data Protection Act," according to v3.co.uk.

"We Will Be Actively Using This Power"

Deputy information commissioner David Smith was quoted as saying the following:

"This will be a landmark moment in ensuring that firms take [data protection] seriously," he said.

"There have been a lot of questions asked of us about whether we are actually going to fine firms, and I can assure people that we will be actively using this power."

Smith declined to reveal any details of the companies involved, but said that information will be posted online "in the near future".[v3.co.uk]

There are a number of other points Smith goes into, including how companies should not be collecting just because they can; if they don't have a use for it, don't collect it.  This is actually one of the keystone principles of data security: you don't need to secure what you don't have.

And, seeing how data breaches are revealing themselves to be a "when, not if" situation, not collecting unnecessary information is something to think about.  Not collecting information other companies are collecting might be a competitive disadvantage, but so is getting involved in a data breach.

The Importance of Encryption Software

In the past, the ICO has made a point of ensuring companies promise to use encryption on their portable devices as part of an Undertaking.  In fact, I have a post--UK Information Commissioner Can Fine Company £500,000--quoting an Undertaking straight from the ICO's website.

If you follow the link, you'll see that there are other issues to consider aside from the use of encryption, such as ensuring adequate physical security and education of staff, but the very first item is the use of encryption.  Not that I believe that these things are ranked in order of importance, but still, wouldn't you say it's symbolic?


Related Articles and Sites:
http://www.v3.co.uk/v3/news/2270673/ico-confirms-breach-fines
http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/01/15/data-encryption-uk-information-commissioner-can-fine-up-to-500-000-pounds.aspx

 
<Previous Next>

Data Security: How Kern Medical Center Responded To A Data Breach

Full Disk Encryption: Sandiegofit.com Break-In Results In Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.