Friday, June 26, 2009

Alberta Commissioner fed up with unencrypted laptops

I can just imagine Frank Work's expression of exaperation in uttering the quote attributed to him in the following media release:

Level of security on stolen laptops simply not acceptable, says Commissioner

June 24, 2009

Level of security on stolen laptops simply not acceptable, says Commissioner

Information and Privacy Commissioner Frank Work is perplexed with news that two laptops containing health information stolen from Alberta Health Services (AHS) were not encrypted. “This is shocking for me...I don’t know what we have to do to drive this message home” says the Commissioner. “The standard in Alberta for storing personal or health information on portable devices is encryption. I can’t accept anything less. This is highly sensitive information and an issue of public trust. How can the public have faith in public bodies if they can’t provide security for personal information?”

Two laptops with health information of more than 300,000 people were stolen earlier this month. Information on the laptops included names, birth dates, personal health numbers and lab test results for communicable and reportable diseases.

The Commissioner says AHS did have layers of protection on those laptops, but the final layer simply was not there, and while the risk might be low, there is still a risk, “A person with motivation and sufficient skills could still access the information. Risk remains without properly implemented encryption. The measures they had in place are better than nothing, but not good enough.”

Works says, “Encryption technology is readily available, and if you are going to store personal information on a portable device, you had better make sure that encrypting that information is a priority, a part of your business model, and an everyday occurrence, like making sure the door is locked before you leave home.”

The Office of the Information and Privacy Commissioner has launched an investigation into this matter. Work says, “We will be working very closely with AHS to make sure they understand their obligations and to ensure that steps are taken to prevent this from happening again”.

I pity the (next) fool who loses an unencrypted laptop in Alberta.

1 comment:

  1. Hey dude it was a great news you share with us here, its really the interesting blog..

    ReplyDelete