Wednesday, March 30, 2005

Managing privacy risks using basic technology

Over the last year and a bit, I've noticed dozens of privacy incidents (see the summaries of incidents cataloged on PIPEDA and Canadian Privacy Law). So often, the incidents are too similar. When I read about a new incident, I often think that nobody must have been paying attention to any of the earlier ones, since the same mistakes are repeated over and over again.

One thing that is painfully obvious is that too few organizations are encrypting their data. Encryption is easy and you have probably already paid for the function (if you run Windows XP). If any of the organizations involved in the following incidents had encrypted their data, they likely would have avoided much of the damage chronicled below:

Computers, even servers, are highly portable and very easily stolen. Encryption of data on the hard drive (or backup tape) is the last line of defence. It is amazing to see that too few organizations do it. To state what should be obvious: encrypt your data.
