Whilst the rest of us enjoyed an extended bank holiday weekend to celebrate the Queen's Jubilee, MP Harriet Baldwin was dealing with the consequences of having two laptops containing 'sensitive information' stolen from her parliamentary office.
What is most disturbing about this story is the fact that the laptops in question were being held in one of the country's most secure parliamentary buildings, complete with a police guard. These devices were not lost or left carelessly in a public place as has been the case with other public sector data losses.
What this proves is that careful storage is simply not enough to protect our devices from those people intent on stealing them and the sensitive data they may hold, and this issue is as pertinent for the private enterprise as it is for public bodies. At the end of this year organisations that lose data will have to report it publicly. The damage to corporate reputation this could cause is immense, especially within the financial sector, making it imperative for organisations to start thinking more seriously about their data security problems now.
Baldwin's laptops did, she says, have security settings that mean it would be difficult for anyone to access information but security settings and encryption aren't and shouldn't be the only options. Devices such as USB keys that can have their memory turned off, deleted remotely, or can even be located through GPS and GSM are a cost effective and simple way to recover lost or stolen devices and/or to ensure that the data they hold is only accessible to the authorised people. They can also act as a 2nd authentication device so that without it the lost or stolen laptop cannot be turned on.
In the long term, the UK's data protection laws need to be bolstered to help IT managers get the buy-in from both employees and the Board to implement a robust security policy. If you compare our data protection laws with other parts of Europe, the UK is far too lenient and changes could be made to support those responsible for their business's data protection.
For what Baldwin's bank holiday theft shows us though is that locked doors, police and encryption are all fallible, a robust policy that encompasses these more tangible security measures and innovative new technology is what is needed across all public and private organisations that hold sensitive information if we are to keep data from falling into the wrong hands and avoid the reputational damage and ICO fines that come with such data losses.Suggest a correction