Attorney Encryption: Legal Aid Society Data Breach Affects 3,200 When Laptops Stolen.

The Legal Aid Society of San Mateo, California has selectively contacted and warned people who were affected by an August 12 data breach.  A total of ten laptops were stolen, none of which were protected with attorney laptop encryption.  The case strongly highlights why full disk encryption is important on portable devices, and why those in the legal profession should especially pay close to attention to its use.

Break-In

According to smdailyjournal.com, the Legal Aid Society (LAS) of San Mateo offices were broken into on August 12.  While the group’s client files and database were not affected, thieves stole ten laptops that contained “correspondence with personal information.”

Long story short, it sounds like LAS had to declare a data breach because there was no way to protect emails that were stored on each individual laptop.  This should not come as a surprise to anyone who uses, for example, Microsoft’s Outlook email program.  While a username and password is required to download emails that are stored in a central server, as well as to send out emails, accessing previously downloaded correspondence is quite easy in Outlook.  You just double-click the icon and bam! there they are.  Don’t know the correct username or password?  Not a problem, ’cause there they are.

Mind you, most of the email applications I’ve used in the past twenty years do the same thing, so I’m not necessarily singling out the guys out in Redmond.

Full Disk Encryption: Protecting ALL Contents on Your Laptop

The case for disk encryption is simply this: it’s impossible to keep track of all your files.  That means it’s also impossible to keep track of which files are sensitive, hence needing protection, and which files are not.  Instead of spending a lot of time and energy into figuring this out, you just protect the contents of the entire laptop computer.

This way, even applications that handle sensitive data – like your email application – can also be protected even if it does not natively handle encryption.  This is especially important for lawyers.  While they are not required to use encryption, lawyers are duty-bound to protect their clients’ confidentiality, and hence the use of encryption software is of essence, even if it’s not required by any law, regulation, or standard.

Related Articles and Sites:
http://www.smdailyjournal.com/articles/lnews/2013-10-17/stolen-laptops-may-have-compromised-legal-aid-client-info/1776425111804.html
http://www.healthcareitnews.com/news/lack-encryption-brings-breach-blunder

 



Comments (0)


Let us know what you think