The Post has another article on an NIH laptop stolen from someone’s car. The interesting part is that the Post points out that the laptop should have been encrypted:

The information was not encrypted, in violation of the government’s data-security policy.

At least there are policies about this now, but as we all know, most security policies aren’t followed because they’re annoying. Luckily, laptop encryption is not as difficult as it once was. TrueCrypt, SecureDoc, heck, even BitLocker, make hard drive encryption fairly easy.

The last paragraph in that story also goes on to say that personally identifiable information would not be located on laptops. I want to know how they’re going to manage that. People want to be able to work form home, they want to be able to work on the plane, or the airport. Perhaps in this specific instance, the personally identifiable information is not required for these people to do their job, but in many cases, some kind of identifying information is required. The only good option is full hard disk encryption – or at least all data directories/drives.

This entry was posted on Monday, March 24th, 2008 at 2:51 am by Laura Raderman and is filed under data theft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.