SafeBoot warns that failure to embrace data encryption technologies leaves organisations open to large damages

Personal workers at pharmaceutical giant Pfizer have lost two laptops containing employee details. While the laptops were password protected, the data was not encrypted.

Tom de Jongh, product manager at SafeBoot, has warned companies that failure to embrace data encryption technologies leaves them open to large damages.

He said: “More needs to be done to ensure the protection of sensitive data. Encryption really would have prevented the embarrassment Pfizer is now facing and kept individuals’ data safe from prying eyes, and I am surprised that businesses are still not seeing encryption as an essential part of the security portfolio. However, the lack of encryption is not the main issue in this particular case, but it is the timeline involved.”

“The dates need questioning: The laptop theft occurred on the 31 May, but it took Pfizer until the 21 July to write to employees. Surely the people who were placed in an extremely vulnerable position deserved to know about it? Well, according to the UK law, they don’t. In the UK, if a person’s data is stolen it is unlikely they will ever find out. There is no law making reporting mandatory. The damage to a company’s reputation and share value can be enormous – just ask TJX after they posted a $256m loss following the recent credit card hack. Without the legal requirement to report information breaches it is more than likely a company will try not to inform the individuals affected in the hope that the loss will not be too serious.

“Lessons can be learnt from the US, who is streets ahead in the data protection game. Since 2003 Californian law has stipulated that all companies must report identity theft and inform individuals of the fact that their personal data has been stolen or lost.

“Last week, we finally saw the UK making some noise about implementing a similar law. The House of Lords Select Committee on Science and Technology has proposed a data security breach notification law. This is great news and will not only have the effect of making everyone feel safer, but creates more transparency about our data. It may even make companies think twice about their laissez-faire attitude to data encryption.”