Tuesday, April 05, 2005

Berkeley Chancellor on Data Theft

In the aftermath of the Berkeley laptop theft (see PIPEDA and Canadian Privacy Law: Incident: Stolen Berkeley Laptop Exposes Data of 100,000), the University Chancellor has sent a letter to all affected individuals. (Secondary Screening has a copy of the letter online.) It is a good example of damage control and worth reading.

The letter also outlines what the University is doing about the problem and I have to applaud them for taking the initiative to adopt a policy of mandatory encryption of computer systems containing personal information:

Secondary Screening: Berkeley Chancellor on Data Theft:

"2. While this expedited audit is underway, we will move quickly to require the full encryption of all personal information stored on departmental computer systems. We will also require all units on campus to review again personal data stored on departmental machines and to remove all unessential data."

As I've mentioned before (PIPEDA and Canadian Privacy Law: Managing privacy risks using basic technology), encryption can often be your last line of defence if everything else breaks down.

No comments: