This latest data loss has it all (see http://news.bbc.co.uk/1/hi/uk/7575989.stm)
– Unencrypted mobile senstive data (on a USB stick)
– A third party vendor responsible for the data
– A public disclosure of the loss
It’s certainly bad news and it highlights a couple of things. Firstly that USB sticks are very easy to lose. Secondly that they have the capacity to hold very large sets of data, and thirdly, that the lesson about what happens when data gets lost still hasn’t been learnt hard enough for organisations to think that encrypting it should be a priority.
Encrypted USB sticks are a little more expensive than standard devices but readily available. I’ve got one in my pocket at the moment (one of these from Kingston).
PA Consulting, the vendor behind this latest data loss – have a very comprehensive website. On it they state
“Information assurance, or more commonly, information security, is about not just the storage of information but also its transfer”…