I recently read a news release by the Alberta Office of the Information and Privacy Commissioner that indicated there are still high incidences of laptops containing personal information being stolen—without having security measures such as encryption put in place. The commissioner was left scratching his head.
The commissioner found it odd that organizations would not take the time to properly protect personal information. He stated, “Encryption technology is pretty much commonplace, and it’s irresponsible that an organization would allow this stuff out the door, without ensuring it’s protected.”
The commissioner also commented that these organizations were putting a lot of people on edge, given the potential for identity theft or personal embarrassment. On the same note, when a laptop containing personal information is stolen, the organization faces more work, cost and embarrassment because they have to notify individuals that they lost their personal information, and it might be used for illegal purposes.
I’m wondering: what kind of security measures do you have in place in your organization? What type of physical and technological protections do you have to prevent privacy breaches?
First Reference Human Resources and Compliance Editor