Computer World UK – November 15, 2007:
The data protection watchdog has called for criminal action against those who lose individuals’ personal data on unencrypted laptop computers.
Information commissioner Richard Thomas and his deputy, David Smith, revealed to members of the House of Lords they had called on the Ministry of Justice to make it a criminal offence “for those who knowingly and recklessly flout data protection principles” where there are serious consequences.
Smith told the Lords constitution committee that an example might be a doctor leaving a laptop containing personal details of patients in a car. It was “hard to say [this was] anything other than criminal negligence”, he said.
Hmmm, interesting…
BUT, how do I prove my data was THERE..
Hey, nice new design, but the top part is totally screwed up. (I’m in IE.)
Let me guess, the thieves are the true victims here now?
maybe they need to do some informational stuff on how to encrypt data?
I like the design too, but can the comments be numbered again? I’m too dumb to count which comment is which 🙂
Internet exploder here, too. It really explodes the new design. I think the other way was better.
I think the “criminal negligence” bit is a good idea; something needs to be done to encourage people to take care of the information in their care. But, that is a good point about “prove the information was there”.
I really loved the old site because it was so crappy looking. Now the entire web looks like web-2.0 design.
This isn’t bad, I just preferred the old site design because it distinguished itself by its crappy looks.
Nice design.. Your top menu is messed up though in FF 2 on Ubuntu Feisty.
I think there should be at least *some* sort of penalty for losing unencrypted sensitive information. Actually, the better question is, why are organizations *allowing* this data to be stored on a laptop anyway? Why not force it to be on a centralized server and then anyone who needs remote access to it would have to use a secure tunnel or VPN connection to the central server?
-A
They should be charged. If they are required by law to take certain precautions when dealing with data and those precautions are not met, then the consequences should be obvious. If they don’t think they can protect my data, then they shouldn’t take it.
Criminal liability seems like a stretch but CERTAINLY they should have serious fiscal liability if they release private data without the permission of the individual — from loss of a laptop or selling it, or whatever.
I know of an office that has had 4 laptops stolen. 3 from an office that was broken into when someone let a contractor borrow a key (and they didn’t return it) and another when someone had locked a laptop in the trunk of their car while they ran inside their house and when they returned someone had broken into the car, popped the trunk and made off with the laptop.
I’m exploring full disk encryption packages now, something like safeboot.
I think that any concern, using laptops for a business and/or service, that holds personal info, should have to be certified to meet some minimum software and config standards. And one of those would be encrypted data files, and tough password protection. Otherwise, no-go as a personal info processing device. But as we can’t even get the health insurance companies to standardize their own claims forms, it’s highly unlikely to get a law holding them, or doctors, or bureaucrats responsible for P.I. protection and loss. They’re all exempt from being responsible for anything. Only the average Joe can go to jail. The UK has at least got the balls to hold some of them responsible for these P.I. losses and thefts. Their doctors don’t dictate the laws they’ll follow, to the UK government, the way the US doctors/AMA does, or the US federal employees do.
woopsy! – Use SafeGuard Easy’s Whole Disk Encryption – my company uses that… it takes HOURS to install or uninstall, but it’s hella encrypted