It looks like the last six months of information security breaches have prodded the
There were some who wanted to make the new law applicable to government workers only, but this was dismissed by (quite logically) concluding that “if you’re a member of the public it doesn’t actually matter if it is the public or private sector that is losing your data.” An argument that pretty much anyone can agree to. However, the deal is not sealed yet; the House of Commons must also approve the amendment. Hopefully, the House of Commons’s sense of urgency regarding this issue is as paramount to them as to the House of Lords.
If the amendment passes both houses, what does it mean for organizations in the
I expect that the one thing a lot of companies will rely on to ensure compliance with the law (if passed) is full disk encryption for their computers, especially if they have any laptops in the workplace. Of course, someone would argue that setting a policy stating that sensitive data should not be stored on such machines would be the responsible thing to do; and while I agree, I’m somewhat pragmatic and realize that this is hard to control. Plus, it’s probably a more resource-hogging way of approaching data security because it needs constant monitoring: with people downloading things left and right, who’s to say that something got saved locally that shouldn’t have been? This doesn’t mean that such policies don’t have a place in data security. The best way of making sure data doesn’t get leached out is to ensure that people don’t have data to leach to begin with. But then, how would people perform their duties? (Answer: badly, with a lot of frustration and grumbling.)
So, again, I expect that a lot of companies will see the practicality that lies in full disk encryption like AlertBoot and take that approach for ensuring they’re not being reckless with data. That’s because hard disk encryption is not as resource intensive. For example, once in place, there is no way to get rid of the encryption itself unless it’s initiated by someone who has access to the centralized management console. This is an easier way of securing data than constantly auditing what’s actually saved on each computer (and finding something was overlooked while reconstructing the contents after a theft).