Credant says 109,000 pension holder data loss could easily have been avoided if laptop had encryption technology
May 2009 by Credant Technologies
The loss of personal details - including names, addresses, national insurance numbers and salary plus bank data - from The Pensions Trust could have been avoided if the laptop used by the organisation’s contractor had used onboard encryption, says Credant Technologies.
"The fact that the Trust is a not-for-profit organisation does not mean that it can bypass any of the stringent IT security safeguards or require similar controls to be implemented by its contracting companies," said Michael Callahan senior vice president of Credant Technologies, the endpoint data protection specialists.
"Basically the data held on the laptop should have been protected by the highest possible levels of encryption, given the potentially serious consequences that could result from the loss of this type of information," he added.
According to Callahan, the cost of the hardware - in this case the laptop - stolen in these types of incidents is frequently outweighed by the potential financial consequences of the data loss.
Most companies in this position will have taken out insurance to cover the costs of something like this going wrong with their IT security policies and procedures, but this will be of scant concern for the pension holders - many of whom work in the voluntary sector – whose data has been stolen, he explained.
The irony of the situation is that the data was being used by the contractor company concerned in its staff training, he went on to say.
"It is to be hoped that the firm will now review is procedures on using live data in training situations, and also start beefing up its IT security procedures, including applying a policy of encrypting all private data, whether at rest or in transit," he said.