The BBC is in some hot water after a Freedom of Information request led to the revelation that the Beebs has lost £240,000 ($376,000) worth of laptops and other mobile devices in the past two years. Many seem to be questioning the IT security of the BBC in light of the revelation. Some digging shows, however, that the BBC uses laptop encryption software, and their loss rate is probably pretty average, if not a bit more secure.
Not Really News, As Far As Stats Go
The FOI request was filed by Absolute Software, a data security company and it was found that 146 laptops, 65 phones, and 17 BlackBerrys were stolen. There’s nothing in the story that’s particularly surprising, aside from the fact that a software firm is filing FOI requests.
As pcpro.co.uk has pointed out, the BBC staff is 23,000 strong. While one cannot assume that all staff are given laptops, it’s not preposterous to assume that each one of them would use a computer. Given the number of computers used, 146 laptops lost over two years (or if you will, 73 laptops per year) doesn’t seem bad. In fact, if some statistics are to be believed, the BBC actually has a lower loss rate than most organizations (an assumed annual loss rate of 0.3%).
pcproc.co.uk cited a study that showed anywhere between 2% to 4% of laptops are lost annually, which sounds about right. Of course, it’s a comparison of apples and oranges, since my 0.3% figure would also include desktop computers.
If we do a back-calculation, a 4% loss rate of 73 laptops leads to a total of 1,825 devices. In other words, the BBC could be considered to have less-than-average secure practices if they issued less than 1,825 laptops to staff.
Using the 2% loss rate, the device count jumps to 3,650 laptops. Seeing how over 20,000 people work for the BBC, my guess is over 3,650 laptops are used by BBC staff, meaning that the broadcasting company’s loss rate is actually lower than average.
Like I said, this is not news. Or, rather, it’s not bad news. While I cannot defend the loss of machines–at tax payers’ expense no less–I’m not about to crucify the Beebs for being average.
No Personal Information Lost, ICO Not Notified
computerweekly.com contributes this piece of news:
A spokesman said, “The BBC has an automatic laptop encryption programme in place. When a BBC laptop or smartphone is lost we check if any personal data was lost, and an assessment is then made as to whether either the individuals or any authorities, including the ICO should be informed. None of the losses in question triggered any such notification.”
While I have some doubts as to whether the BBC was truly able to investigate the entire, up-to-date contents of missing devices (what about files that were created on the road, ten miles from the closest wi-fi spot?), I’ve got to assume that they’re telling the truth.
Plus, if laptops are only issued to, say, field reporters for filing stories and editing video segments, it stands to reason that person information wouldn’t be stored in missing devices.
From a security standpoint, the pragmatic thing to do is to focus on the “automatic laptop encryption.” If all laptops are protected via technology similar to AlertBoot endpoint encryption software, personal information or not, the fear of data loss or theft is a moot point.
Of course, that doesn’t change the fact that British taxpayers are out $300,000 over the past two years…
Related Articles and Sites: