Full Disk Encryption should be a legal requirement for any organisation that holds personally identifiable data, says BeCrypt Tuesday 9 September 2008 PDF Print Technology can and should prevent human error according to BeCrypt BeCrypt, the leading supplier of data security solutions to the UK public sector, MOD, police forces and corporate markets has stated that there is absolutely no excuse for the recent round of serious data breaches. The most recently publicised data breach, the loss of a portable hard drive containing the details of up to 5,000 prison staff follows hot on the heels of news that a laptop was sold on eBay reputedly containing banking details of one million customers of a high street financial institution, and the loss of a USB stick containing details of 84,000 prisoners. Whilst these incidents were as a result of human error, Marc Hocking, Chief Technology Officer claims that had the correct data encryption technology been in place, the likelihood of human error would have been significantly reduced. Mr. Hocking went on to say, “If security is too cumbersome people will find a workaround, so it needs to include built in checks to prevent people from making mistakes. Encryption technology is now available that is easy to roll out to all computers and data storage devices within an organisation, it can be centrally managed and it is transparent to the end user, so it does not affect their ability to do their job. “Furthermore, systems like BeCrypt Trusted Client, enable authorised parties to access data securely from any location but does not allow them to store any data locally, meaning that people would not need to save data to a USB stick or portable hard drive. The data would have remained on its home server where it was securely protected and encrypted. With the availability of these systems organisations can provide a safe and secure and yet flexible working environment for staff, so there is really no excuse not to protect people’s personal information more thoroughly.” In the last three months, three separate reports have been published about Data Handling in the Government and Public Sector space; • Data Handling Procedures in Government: Final Report, which was undertaken by the Cabinet Office; • Sir Edmund Burton’s Report into the Loss of MOD Personal Data for the Permanent Under Secretary Ministry of Defence; • and the Review of information security at HM Revenue and Customs: Final Report, by Kieran Poynter. Each report makes a different set of recommendations that will impact widely on the public sector, the third party organisations that work with the public sector, and the wider business community. However they all call for a culture change to one where personal data is treated with the utmost respect. In many cases personal data is required in order to provide better and more personalised services, however, the data remains the property of the citizen, with the third party the custodian of, rather than the owner of, the data. This underlines the fact that it is already a legal requirement for government organisations to protect personal data, and this should now be extended to cover all organisations. Another common theme across all reports is that end users, ie staff, must be given clear guidance, including regular training, on the treatment and handling of data and that data security measures must be quantifiable, transparent, and easily open to scrutiny. Mr. Hocking continued, “Public sector bodies are now required by law to follow data handling best practice when dealing with personally identifiable data. Non public sector organsations need to think and act seriously about the legal requirements for protecting data. If data is lost from either public or private sector its impact can be equally disruptive and distressing. For instance, if personal finance information appears on eBay, no matter where it came from and how it got there, individuals may still be exposed to the risk of identity theft. Furthermore, the organisation that lost the data in the first place can be subject to large fines and bad publicity.” For a copy of BeCrypt’s white paper Data Handling – A practical approach, please contact Andreina West, on 01491 639500 or via email: email@example.com. -ends- NOTES TO EDITORS: About BeCrypt BeCrypt Limited was formed in 2001 to meet the growing demand for high-level computer encryption products in the international government and corporate marketplace. BeCrypt products protect customers in key UK government areas including: central and local government, the defence sector, law enforcement and transportation. The company now also provides a range of flexible security products tailored to meet the requirements of the commercial sector. BeCrypt has customers in financial services, pharmaceutical, insurance and banking sectors. BeCrypt’s DISK Protect Baseline and DISK Protect Enhanced products have been designed to meet stringent government security standards and have been approved by the UK Government. BeCrypt has won an award from the Department of Trade and Industry for innovative technology and has patents pending on a number of unique security technologies. BeCrypt is a privately owned company based in London with additional offices in Washington, DC and in Santa Clara, California. For more information please visit: www.becrypt.com or call: Editors contacts: Ben Ross Vice President of Marketing BeCrypt Limited Tel: +44 (0) 845 838 2050 Email: firstname.lastname@example.org Andreina West/Mary Phillips PR Artistry Limited Tel: +44 (0) 1491 639500 Fax: +44 (0) 1491 638866 email: email@example.com This press release was distributed by ResponseSource Press Release Wire on behalf of PR Artistry in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.