The Chairman of the UK Revenue and Customs has resigned following the loss, in an internal mail system, of two CDs containing confidential personal details of 25 million taxpayers.
This is the third high-profile data loss case concerning Revenue and Customs in recent weeks. In October another CD went missing, exposing customer details to identity theft. Revenue and Customs refused at that time to comment on whether the data was encrypted. Also in October, a laptop containing confidential customer data was stolen from an employee’s car, a type of incident which has recently been described by the UK Information Commissioner as “gross negligence” on the part of the laptop owner.
Do not jeopardise the job of your own CEO (and your own job!) by allowing this to happen in your organisation. Security safeguards are relatively straightforward to implement. For example, ensure that there are security protocols in place for identifying and labelling sensitive computer data, for downloading such data to portable media, and for sharing it with and mailing it to outside agencies. At the very least, this should include 256-bit encryption of anything which could be deemed personal identity information.
Ensure, also, that all such information on laptops or employees’ home computers is protected with at least 256-bit encryption, which is relatively inexpensive.
Security managers seeking to gain a greater understanding of information protection, laptop security and encryption may wish to attend the regular Information and IT Security Workshops, which are part of ARC Training’s Security Management Stage 1 Course. Forthcoming dates for the Information and IT Security Workshops are:
7 April 2008
11 August 2008
24 November 2008