The theft of a laptop computer could potentially affect 100 youths in Newcastle. According to a press release by the UK Information Commissioner’s Office (ICO), a laptop was stolen from a contractor that was working with the Newcastle Youth Offending Team. The laptop was not protected with disk encryption software.
Contract in Place, No Follow Up
The theft took place in January of this year. A laptop being used by a Newcastle Youth Offending Team contractor was stolen during a home burglary, leading to the breach of names, addresses, dates of birth, and the names of schools. The contractor was working on a “youth inclusion program.”
While there was a contract in place for the protection of data, Newcastle Youth Offending Team did not ensure that the agreement was being followed. Due to the breach, Newcastle Youth Offending Team had to sign an Undertaking, promising to make sure that contractors and other data processors working on their behalf would ensure that laptops, mobile devices, and other portable machines will be protected with encryption software.
Third Party Compliance – How to Check Up
That contractors, business associates, and other third parties can cause an organization is not news. It’s happened more than often in the past; chances are that it will happen many times more in the future as well.
The ICO has faulted Newcastle Youth Offending Team for the lack of encryption, but realistically, how can the Youth Offending Team monitor what the contractor does? It could ask for some kind of certification, I guess. But then, they had a contract: are we to believe that one official document can be trusted over another?
Of course, there is a way around this: certain encryption suites, such as AlertBoot, feature a central management console that is accessible over the internet. In fact, we’ve signed up customers based on the fact that they can just tote around a laptop and show potential customers that, yes, they do use full disk encryption to protect their laptops and other computers.
With such a tool at one’s disposal, proving compliance would literally be a couple of clicks away.
Related Articles and Sites: