St Albans Mourns Laptop Loss
by Rupert Beeby on Nov.27, 2009, under Governemt, Industry News, data security, security policies
St Albans City and District Council is the latest organisation to lose four laptops with personal data on over 14,000 voters. Files contained names, addresses, dates of birth, signatures, postal vote forms and statements which is all the information required to obtain a bank account.
Councillors were recently debating the loss and how the laptops could be stolen from the actual offices. Even though the data was protected, the portable devices were not physically secured. This goes against council policy of portable devices being physically as well as logically protected.
It also begs the question as to why personal data was held on portable devices. Such data should only be accessed on central resources and users prevented from copying to local devices. We shall see what lessons will be learned and then forgotten til the next time.
The council needs to develop an information classification with associated policies on protection. A simple Data Loss Prevention product would have prevented the personal data from being copied in the first place but, had it been copied then the data would have been encrypted. It is noted that one of the laptops was left for months on an unused desk with no one knowing that held all this data. This is why an information audit and classification is required to start to get some control.
This story has been widely reported so use these links for more detail (such as there is)!!
http://www.stalbansreview.co.uk/news/4760711.St_Albans_councillors_debate_laptop_theft/
http://news.bbc.co.uk/1/hi/england/beds/bucks/herts/8363514.stm
December 1st, 2009 on 11:53 pm
This really does highlights how much some of these organisations need to get to grips with securing not only the data but also the devices the date is held on.