EDITORIAL: Secure Data on Laptops
By Victoria Advocate, Texas
Jun. 20–The surprise is not that the U.S. Department of Veterans Affairs lost data on 26.5 million military personnel, both retired and on active duty, when a laptop and external drive were stolen from the home of a VA employee.
The surprise is that this kind of incident does not happen more often.
Not so many years ago, in what now seems like the Dark Ages of computer technology, laptops were not nearly so sophisticated as they are today. Workers who traveled frequently used them for convenience but usually transferred the data to their desktop computers as soon as they returned to their offices.
Not so anymore. Fast, high-powered laptop computers with ever-growing space for data storage increasingly are replacing desktop models. Today’s larger screens also make laptops increasingly popular for daily desktop use.
The downside of this convenience and portability is that the data on laptops leaving the office are not always adequately secured.
In the past year, at least 29 laptops containing sensitive data, such as Social Security numbers, health records and addresses, have been stolen or misplaced, according to the Privacy Rights Clearing House of San Diego, Calif.
“It is shocking how many of these are stolen laptops and that fact that the users of the laptops did not use encryption to secure the data,” the clearing house’s director, Beth Givens, told The Associated Press.
“Laptops have been stolen from cars, gone missing when checked for airline flights and been taken from offices and employee homes. Hospitals, universities, consulting firms, banks, health insurers and even a YMCA have lost personal data,” the AP reported.
In some instances, employees are carrying that data as part of their work assignments. In other cases, though, workers have little good reason for taking sensitive information out of their offices.
The latter should be more readily dealt with. Employers should make unauthorized carrying of confidential information on laptops outside the workplace a firing offense, then rigorously enforce this policy with spot checks of laptops as they both leave and enter offices.
“That data should not be readily available by someone simply walking it out of a building,” August Woerner, an 80-year-old World War II veteran from Westerly, R.I., told the AP.
Encrypting confidential data when it is legitimately carried outside the office on a laptop — and even when the laptop stays in the office — should be a standard operating practice in both the public and private sectors.
There is no foolproof way to protect confidential information on computers, whether laptops or desktops. But using the security that is available and is constantly being improved and upgraded would help protect sensitive data when traveling laptops are stolen or lost.
Government agencies owe this to their clients, as do private businesses to their customers. Agencies and businesses that fail to take appropriate steps to protect confidential information that does not really belong to them show disregard for the people they are supposed to serve.
—–
To see more of Victoria Advocate, or to subscribe to the newspaper, go to http://www.thevictoriaadvocate.com.
Copyright (c) 2006, Victoria Advocate, Texas
Distributed by Knight Ridder/Tribune Business News.
For reprints, email tmsreprints@permissionsgroup.com, call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA.