What’s even better that finding that a stolen hard drive was protected with disk encryption? Recovering it.
Waseca Backup Drive Contained Personal Information
Earlier this month, the City of Waseca recovered a hard drive that contained personal information for utility customers; current and former employees; and contractors. The hard drive was being used as a back up device and was stolen from the city’s IT vendor, Pantheon Computer Systems.
A brief write-up at wasecacountynews.com reveals that the hard drive was stolen from a parked car on October 24. It was in the car because the drive was being taken to City Hall to replace corrupted data. Talk about bad timing. Thankfully, the computer drive’s contents were encrypted, so the threat of a data breach was nullified.
The drive was recovered when someone noticed a couple of teens looking into cars and reported them to the police. One of teens admitted to stealing the hard drive upon questioning.
Notification Letters Already Sent
Notification letters were sent before the drive was recovered. According to wasecacountynews.com, the city
needed to notify the approximately 4,200 utility customers in the city along with about 700 present and past employees and contractors without delay and inform them of the theft in accordance to state statute 13.055, which reads: “A state agency that collects, creates, receives, maintains, or disseminates private or confidential data on individuals must disclose any breach of the security of the data following discovery or notification of the breach….”
Interesting. I was under the impression that Minnesota statues provided an exemption from this law if encryption software is used to protect data. Lawyers were supposedly involved in arriving at the decision, so I’m not sure what to make of it.
I can only imagine that hard drive encryption was not used, a tool that encrypts (protects) the contents on an entire computer disk. Instead, it could be that file encryption was used. While it provides the same level of protection, file encryption can only protect files that were encrypted (as name the suggests). If any files were not encrypted, you’ve got a data breach.
In fact, this is why disk encryption was developed: someone finally realized that you can’t rely on people to encrypt all of the important files, so you just encrypt the entire device and call it a day.
Related Articles and Sites: