Computerworld reports on the fact that companies or agencies fail to encrypt portable devices — such devices are easily lost or stolen and can have personal data on them. Three years ago, a report (pdf) from the Government Accountability Office found that more than 70 percent of the federal government’s mobile devices were unencrypted at the time of the review. In March, the Office of Management and Budget reported that (pdf) the government-wide average for portable-device encryption “is 54% with several agencies having achieved 100%.”
The article is tied to the news that BP has lost an unencrypted laptop “containing personal data belonging to thousands of Louisiana residents who filed claims for compensation after the Gulf oil spill,” reports the Associated Press. Computerworld reports:
The continuing failure by most enterprises to encrypt sensitive data stored on laptops and other mobile devices is inexcusable, analysts said following BP’s disclosure this week of a data compromise involving a lost laptop.
The computer contained unencrypted personal data such as names, Social Security numbers and dates of birth belonging to about 13,000 individuals who had submitted claims with the company over last year’s disastrous oil spill. […]
The company is only the latest in a long list of organizations that have made similar announcements over the past several years. In fact, data compromises involving lost or stolen laptops, unencrypted storage disks, and other mobile devices account for a substantial portion of breaches these days.
According to statistics maintained by the Privacy Rights Clearinghouse, about 30 of the 144 data breaches announced so far this year, for instance, involved portable devices. […]
The growing cost of data breaches in particular should be pushing companies to adopt portable encryption more aggressively, say analysts. The Ponemon Group released a report last month showing how companies that experience data breaches these days can end up paying close to $214 per compromised record on average.