in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Full Disk Encryption: Edmonton Public School Board Employee Data Breach

A massive data breach has affected the employees of the Edmonton Public School Board.  Over 7,000 employees' information was saved to a USB memory stick which has gone missing.  It doesn't appear that the device was protected with disk encryption like AlertBoot.

A Techie Did It

The memory stick device was used by a computer technician who was working on a HR department computer.  He used it to download data -- perhaps as a backup?  It's never really specified -- and somehow the USB device went missing.  It was revealed that Edmonton's policies require that sensitive data be protected with encryption software,  something that was not done in this case.

Normally, an unencrypted USB stick being used wouldn't surprise me except that in this case it was actually someone working with the computer department that perpetrated the breach.  Now, I'm not saying that all techies follow their own policies: I've certainly met my fair share of techies who suffer from god-complex.  However, it's still pretty jarring.

It's also stupid.  For starters, a techie can't claim or feign ignorance when something goes awry with unprotected data.

Privacy Commissioner Makes Observations

This is what the provincial privacy commissioner had to say about the situation, according to cbc.ca:

Provincial privacy commissioner Frank Work said the school board violated its own policies.

"First of all, according to school board policy, you're not supposed to use an unencrypted stick," said Work. "They did."

"Second of all … they're supposed to keep a list of what they download … onto a portable device, like a stick. They did not. And the third way they breached their own policy was they had kept too much information too long."

And yet, the board will not be penalized financially because "it has already spent thousands of taxpayer dollars to sort out the mess."

I agree.  It seems like they should be penalized in some other way; after all, fining the board only means that tax payers not associated with this case will bear responsibility for the incident.  Instead, someone ought to be disciplined for this latest breach: a demotion, a termination, cut wages, etc.  Otherwise, it just creates moral hazard.

Related Articles and Sites:
http://www.cbc.ca/news/canada/edmonton/story/2011/04/13/edmonton-school-board-employee-privacy-breach.html
http://www.inews880.com/Channels/Reg/LocalNews/story.aspx?ID=1401920

 
<Previous Next>

Drive Encryption Software: Albright College Computers Stolen, 10,000 Affected (Updated)

Cost Impact Of A PHI Data Breach: ANSI/Shared Assessments PHI Project Looks To Answer Questions

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.