Thursday, November 15, 2007

Alberta commissioner: "It' just nuts that we're not looking after this stuff better"

After an investigation into a stolen laptop from Alberta Capital Health, Frank Work has expressed some exasperation about how personal information is being protected:

Safeguard cyber-privacy

The Edmonton Journal

Thursday, November 15, 2007

Crafting sophisticated privacy legislation has never been more important, as lawmakers struggle to keep up with technological advances. And yet all the statutes in the world are no excuse for common sense.

"It's just nuts that we're not looking after this stuff better," exclaimed an exasperated Frank Work on Tuesday. Work, Alberta's information and privacy commissioner, had just released a report investigating the May theft of four laptop computers at a Capital Health office.

The study concluded that Capital Health had contravened the Health Information Act by not taking adequate security precautions. This was in spite of two previous warnings about the need for encryption programs. Capital Health has promised that it will have encryption for laptops installed by January and will soon provide the commissioner with a detailed implementation plan for other changes. Let's hope so.

Not that Capital Heath is alone. Work also announced another investigation into the theft of a memory stick storing personal details of 560 students attending Edmonton Catholic Schools. An employee of the board's school bus company kept the stick in her purse. The school board now insists bus carriers' memory sticks must be encrypted.

The hope is that other organizations are paying attention. Breaches in consumer information security have made all of us think twice when ordering online or even at the local cash register.

To be fair, a lot of bright people are working on this and lessons have been learned. Still, coming to terms with the storehouse of private information most of us carry around daily in various devices is everyone's business. As technology moves forward, we must remember that privacy is too precious to be taken lightly. That begins at home, at work and at school.

2 comments:

Anonymous said...

A very good point on common sense. Government and technology are only part of the equation. If people keep putting personal information in public Internet forums and not being responsible for their own information, identity thieves and hackers would still succeed.

A case in point, a story that Intergovworld.com (www.intergovworld.com/article/bcc35b140a01040800a1918e6edd2e29/pg0.htm) did on a recent hack on Monster.com's Web site really put into the spotlight how vulnerable we can become if we do not exercise caution about what we put on the Internet about ourselves.
Another interesting read on IT World Canada (http://www.itworldcanada.com/a/search/2cbff245-44d6-4a9d-8dc7-2f7f2945e847.html) talks about some online job hunting safety tips.

Danford Fulton said...

Ah yes, to every complicated question, there is a simple answer. It's easy, it's quick, and it's absolutely wrong.

Wrt the issue at hand, the large financial institution I work for recently installed encryption software on all laptops. The problem is, despite assurances to the contrary, saving files to a network will often (not always, but often) encrypt the file. Because computers don't share the same encryption key (otherwise, what's the point?), the file is unreadable. The encryption software - top of the line, I hasten to add - has in effect hauled us back into the pre-networked era.

Encryption software is not ready for prime time, a certainly no silver bullet. Protecting confidential information is going to require a fundamental re-thinking of who has this information and how it gets shared. We're barely in the first inning of figuring this out.