December 13, 2010 by Canadian Underwriter
The Office of the Privacy Commissioner in Alberta says it’s “incomprehensible” why data encryption was not used in seven self-reported breaches of personal information over the past three months, each involving a stolen or lost laptop or digital device.
“Encryption technology is pretty much commonplace, and it’s irresponsible that an organization would allow this stuff out the door without ensuring it’s protected,” privacy commissioner Frank Work is quoted as saying in a press release.
According to media reports, five of seven security breaches happened in the Edmonton area.
In one instance, a digital camera and laptop with employee information were stolen from Alberta Sustainable Resources, CTV News reports.
In another situation, a marketing company lost employee information after a device was left at the airport.
In a third example, medical information of 2,700 children was stolen along with a laptop computer belonging to a researcher with access to Alberta Health Services files, the Calgary Herald reports.
Work said organizations must do a much better job at setting proper standards for protection of personal information.
“Does this information need to be on a laptop?” Works asks. “Should employees be allowed to access it from a secure server instead?
“Is there a need for personal information of hundreds, maybe thousands, of people to be stored in one place? Are all devices properly encrypted?
“This is not rocket science folks!”