The Information Commissioner's Office (ICO) has found Great Yarmouth and Waveney Primary Care Trust in breach of the Data Protection Act. The case just goes to show that it's not only laptop computers that require hard disk encryption [1], but desktops as well. According to the Undertaking signed by Great Yarmouth and Waveney, two desktop computers were stolen, which led to the breach of personal data for 1,000 occupational therapy patients and staff.
The lack of encryption software [2] was not the only security oversight:

- There was no password protection (as useless as a snake tonic in these modern times)
- The computers were in a building with no intruder alarms
- The internal doors had no locks
- The computers were not secured to office desks

The (easy) theft of the computers has led to the breach of trade union membership details and patients' physical or mental health information, although I'm willing to bet some of the staff are experiencing sudden mental and physical health ailments, too.

A Faux Pas?

Of course, Great Yarmouth and Waveney has promised to better protect their data.
As such, they have agreed to use encryption on laptops. On desktops, they’ve agreed to use “strong passwords.” Wait, hold on. What?
Encryption is used on laptops, instead of rudimentary password-protection, because password-protection is worthless when it comes to data security. If a laptop is stolen, password-protection will provide little security. Hence the use of encryption.
How is this different for a stolen desktop computer, though? As the above case has shown, desktops are not impossible to steal. And the only thing differentiating a desktop from a notebook computer is the size.
In other words, desktops need encryption [3], too.
I can’t understand how the ICO has allowed disparate security measures to be used for the same exact problem.
Related Articles and Sites:

http://www.databreaches.net/?p=8257 [4]
http://www.ico.gov.uk/upload/documents/library/data_protection/notices/great_Yarmouth_pct_undertaking.pdf [5]

References

[1] laptop encryption software (www.alertboot.com)
[2] centrally managed encryption software (www.alertboot.com)
[3] SMB encryption (www.alertboot.com)
[4] http://www.databreaches.net/?p=8257 (www.databreaches.net)
[5] http://www.ico.gov.uk/upload/documents/library/data_protection/notices/great_Yarmouth_pct_undertaking.pdf (www.ico.gov.uk)