Canada Data Encryption: Bureaucrats Ponder Burning Garbage, Hiring Dumpster Divers To Avoid Data Breach.
Ineptitude. This is the word that leapt to my mind as I read a story about Canadian bureaucrats who considered a couple of different ways to “avoid repercussions over” the loss of a USB memory stick. These kinds of incidents wouldn’t make the news if encryption software were used to protect and secure sensitive data.
Approximately 5,000 Canadians Affected
According to o.canada.com, senior bureaucrats at Human Resources and Skills Development Canada, upon learning of a USB stick’s disappearance, considered hiring professional dumpster divers (for $15,000) to find the electronic device. When the companies refused the job, HRSD considered burning the garbage in which the USB stick was suspected to be; however, Ottawa lacked the “incineration capacity” to do so. The plans were scrapped.
The device contained disability pension applications for 5,049 people.
Department policies regarding the encryption of sensitive information were in place, but they were not followed in this particular case. However, that did not trigger my incredulousness. No, the disbelief came into its own when I heard that the department was considering hiring dumpster divers for $15,000.
(The fact that they did, if anything, seems to indicate that the Canadian government takes data breaches seriously. Perhaps such bungles reflect poorly on one’s resume and affect his or her chances of advancing in the workplace. I honestly cannot think of any other reason for even considering hiring professional trash trampoliners. Assuming it takes 24 hours to go through the entire contents, that’s $625 per hour.)
Based on what I’ve read at o.canada.com, it looks like the USB stick’s loss was an accident. The lack of data encryption also looks like an accident (although, to be honest, a solution like AlertBoot FDE would have nipped that particular problem in the bud – external storage devices are automatically encrypted with our software and tagged for sharing around the office).
But trying to cover up an accident... that’s no accident. It takes willpower to do it, and it takes willpower to consider doing it. If they had followed through, it would have been pretty irresponsible, not only because of the cost involved, but because burning trash that is suspected of harboring a lost USB thumbdrive doesn’t guarantee data security. (Burning trash that you know contains the USB, on the other hand, is a different story...)
The best way to deal with data breaches is not to have one to begin with. Of course, that’s impossible. That’s why encryption is used.