You’d think after dumping 205 million gallons of crude in the Gulf a company like BP would be a cautious lot. Let’s hope their drilling practices have become much safer than their computer security practices. BP disclosed this week that an employee lost a notebook containing the personal and private information of 13,000 individuals who had submitted claims associated with the spill. This would not be a problem if the computer had been encrypted. Unfortunately for BP and the 13,000 victims, it was not.
Sadly, this is happening all too often. The Privacy Rights Clearinghouse reports that 29 of the 144 breaches reported so far this year have involved lost or missing portable devices which were not encrypted. Since this is happening so frequently, you may think encrypting a drive is an expensive or arduous task. The surprising news: it’s not. Many commercial programs are available for less than $100 and there’s even a free, open-source choice here.
Ultimately, this is simply good business practice and the kind of thing your clients or patients deserve. Besides, encryption meeting NIST standards offers HIPAA and SEC safe harbors, so you can do the right thing and keep the regulators happy at the same time.