Information and Privacy Commissioner Frank Work is once again scratching his head at the lack of proper security on portable computing devices that hold personal information. In the past month, there have been seven self reported breaches of personal information, each involving a stolen or lost laptop or digital device.
Work finds it incomprehensible that in this day and age organizations can’t figure out how to properly protect personal information. “Encryption technology is pretty much commonplace, and it’s irresponsible that an organization would allow this stuff out the door, without ensuring it’s protected”.
Work adds these organizations are putting a lot of people on edge, worried about the potential for ID theft or personal embarrassment, and there’s no reason for it, “When I hear about breaches like these, all I can say is…really? Is there a need to put people though this, when the information could easily be encrypted? And, these organizations put themselves through a lot of extra work, cost and loss of credibility, when they have to notify individuals that they lost their personal information”.
The law in Alberta requires businesses to notify the Commissioner when personal information is lost.
Work adds that organizations need to do a better job at setting proper standards for protection of personal information. “Does this information need to be on a laptop? Should employees be allowed to access it from a secure server instead? Is there a need for personal information of hundreds, maybe thousands, of people to be stored in one place? Are all devices properly encrypted? This is not rocket science folks!”