in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: Fairbridge Signs Undertaking With UK ICO

A youth charity, Fairbridge, has signed an Undertaking with the UK's Information Commissioner's Office, promising to better protect personal information.  Among the promises: the use of hard disk encryption like AlertBoot when and where it is necessary.

Two Cases

Fairbridge admitted to data breaches in its Undertaking.  In one, a laptop computer was lost at an airport.  The laptop contained personal information for 16 employees of Fairbridge, including "appraisals and supervision notes."  The laptop was password-protected.

In another case, a laptop was left on a bus.  The device contained information on 325 employees, including name, address, date of birth, and salary.

Neither of the computers were recovered, and neither of the computers used encryption software to protect the data. (Unlike some other organizations, the ICO never makes a mistake of claiming password-protection to be encryption or vice-versa).

As the Undertaking points out, "neither...contain any sensitive personal data as defined in section 2 of the DPA [Data Protection Act 1998]."  This is the reason why Fairbridge only had to sign an Undertaking, as opposed to paying a monetary penalty.

Doesn't Mean Encryption is Superfluous

Despite the lack of sensitive data, Fairbridge has "ensured the encryption of mobile devices that contain personal data" since the data breach.  It's a wise and practical move.

Nothing is better at protecting data-at-rest than full disk encryption.  It's so good at maintaining data secrecy that governments have set up agencies to break it -- such as the NSA in the US and the GCHQ in the UK -- and passed laws to force people to give up their passwords (such as the UK's RIPA).

Thankfully, there was no sensitive personal data on the two laptops.  But, there is no guarantee that Fairbridge will be so lucky in the future.  Once you start storing personal data, the deliberate or accidental storage of sensitive personal data is not too far behind, as experience has shown time and time again.


Related Articles and Sites:
http://www.ico.gov.uk/what_we_cover/taking_action/~/media/documents/library/Data_Protection/Notices/fairbridge_undertaking.ashx
http://www.ico.gov.uk/news/latest_news/2012/councils-must-take-data-protection-seriously-information-commissioner-warns-10022012.aspx

 
<Previous Next>

Full Disk Encryption: Craven District Council Signs Undertaking For Laptop Theft

Full Disk Encryption: Halton District School Board Data Breach Shows Value Of Whole Encryption

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.