Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Laptop losses at Pfizer demonstrates need for data encryption

SafeBoot : 17 August, 2007  (Technical Article)
Mobile devices need more than password protection in order to mitigate losses warns Safeboot
Personal workers at Pfizer, the pharmaceutical have managed to lose two laptops containing employee details. While the laptops were password protected the data was not encrypted. Tom de Jongh, product manager at SafeBoot, warns companies that failure to embrace data encryption technologies leaves them open to potentially limitless damages.

"More needs to be done to ensure the protection of sensitive data. Encryption really would have prevented the embarrassment Pfizer is now facing and kept individuals' data safe from prying eyes, and I am surprised that businesses are still not seeing encryption as an essential part of the security portfolio. However, the lack of encryption is not the main issue in this particular case, but it is the timeline involved.

"The dates need questioning: The laptop theft occurred on the 31 May, but it took Pfizer until the 21 July to write to employees. Surely the people who were placed in an extremely vulnerable position deserved to know about it? Well according the UK law, they don't. In the UK, if a person's data is stolen it is unlikely they will ever find out. There is no law making reporting mandatory. The damage to a company's reputation and share value can be enormous - just ask TJX after they posted a $256m loss following the recent credit card hack. Without the legal requirement to report information breaches it is more than likely a company will try not to inform the individuals affected in the hope that the loss will not be too serious.

"Lessons can be learnt from the US, who is streets ahead in the data protection game. Since 2003 Californian law has stipulated that all companies must report identity theft and inform individuals of the fact that their personal data has been stolen or lost.

"Last week, we finally saw the UK making some noise about implementing a similar law. The House of Lords Select Committee on Science and Technology has proposed a data security breach notification law. This is great news and will not only have the effect of making everyone feel safer, but creates more transparency about our data. It may even make companies think twice about their laissez faire attitude to data encryption."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo