Data Encryption Software Protects Computers Stolen During Break-In At Downpatrick.

5,400 medical files were saved on computer drives stolen during a break-in in the UK.  However, there are no needs to fear a data breach, since it looks like encryption software like hard disk encryption from AlertBoot was used to secure the contents.

Unlucky Surgery Practice

Thieves broke into a doctors’ surgical practice over Christmas and stole various items.  Included were two computer hard drives and several DVDs that were used as backups.  Thankfully, the doctors had the sense to protect the information with encryption.

(Due to the nature of the media, I assume full disk encryption was used for the drives, and that file encryption was used for the DVDs.)

It turns out that misfortune is a frequent visitor to this venue.  According to the BBC, in November 2009, a fire at the surgery damaged thousands of files.  Another fire broke out one week later.

Hm.  Perhaps that’s what prompted them to secure their digital files in the first place?  It’s commonly known that those who’ve experienced ill-luck are the ones usually best prepared for the vicissitudes of life….  It also explains why people move to secure files once they’ve had a data breach, while those who’ve never had one (or don’t realize they’ve already had one) talk the talk, but don’t walk the walk of data security.

When Is A Data Breach Not A Data Breach?

I had originally come across this article while perusing the site.  The administrator of that site notes that “some might not consider this a breach because of the encryption.”

I’m part of that “some.”  While my opinion may differ from others (clearly certain laws do not–they provide safe harbor from notifying customers of data breach if encryption was used to protect personal or sensitive data), it seems to me that encrypted data cannot lead to a breach.  Think of it in the following way: What exactly is a data breach?

It’s the access of any information by unauthorized people.  That means that, if unauthorized people cannot access the data, there is no breach.  That’s why, if documents are locked in a closet and a thief is not able to access the closet, there is no data breach.  If the thief is able to gain access to the closet, it’s a breach.  If he steals the files, it’s a worrisome breach.

It’s the same if instead of a locked closet, we use a phalanx of security guards or a really stinky skunk: the key question is “was the data accessed?”  Likewise with encryption: was the data accessed?

So, yeah, I tend to think that the loss of encrypted data–secured by data security tools like AlertBoot–is not a data breach.  With one caveat, though: the keys to accessing the encrypted data was not stolen as well.

Related Articles and Sites:

Comments (0)

Let us know what you think