UK: Flying and Driving are Not for the Absent Minded!

With identity theft at an all time high, data security should be paramount in the minds of all businesses but, despite this, an unencrypted CD containing oodles of highly sensitive personal information about employees of leading security software firm McAfee was left lying in the pocket of an airline seat by their auditors in the USA.

The CD, containing the names, social security numbers and stock holding information of over 9,000 McAfee’s employees, was left on an aeroplane on 15^th December 2005 and was not reported to McAfee until more than one month later. The data loss leaves thousands of McAfee’s employees at risk from identity theft.

While at present there is no reason to believe that there has been any unauthorised access to the information, this is clearly possible should the information find its way into the wrong hands. The irony of the situation is that McAfee are a security software firm. The fact that it is some of their own data that has been lost, albeit through a third party, makes it all the more hard to swallow.

As a result of this incident, McAfee have said that they are taking steps to review their corporate policies and the way in which third parties handle their data in order to ensure that a similar scenario does not emulate itself again.

This incident is only one of a number involving data loss and auditors. Another well know firm also recently had a laptop stolen from an employee’s car, and while the laptop was password protected it did contain the social security numbers of some of its customers, not to mention in a separate incident where they lost four laptops from a Miami building conference room when two men walked away with their auditors’ computers while their auditors were out for lunch!

Mobile devices, such as wireless PDAs and smartphones, are also a cause for security concern and a survey carried out by Quocirca revealed that 20% of companies that have extensive use of mobiles among their staff do not have sufficient security measures and policies in place to ensure that sensitive data is adequately protected.

Whether it be laptops, PDA’s, CD’s or any other device containing sensitive information, companies need to ensure that they have adequate data protection policies in place. With taxis, bars and rubbish dumps to name but a few of the most common places where employee’s have been known to lose or for lost devices to end up, it is easy to see how highly personal data can inadvertently find itself in the hands of the criminal fraternity by momentary lapses in concentration!

The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Readers should not act on the basis of the information in this article without taking appropriate professional advice upon their own particular circumstances.