“UPS, the parcel service and global transportation and logistics business, has taken remedial action, including the encryption of all its UK laptops and smartphone devices, following a breach of the Data Protection Act last year.”
That is the opening paragraph from a press release from the UK Information Commissioner’s Office. The remedial action (and also an undertaking to handle personal information securely in future) comes in the wake of the theft of an unencrypted, password-protected laptop from a UPS employee in October of 2008. That laptop contained the details of some 8500 UPS employees.
The section of the press release that is possibly the most interesting, is the explicit recommendation that all laptops and smartphones be encrypted in future
“Mick Gorrill, Assistant Information Commissioner, said ‘Password protected laptops are not secure. I urge all organisations to restrict the amount of personal information that is taken off secure sites. I am pleased that UPS has encrypted its laptops and smartphones, and I urge other organisations to follow suit.””
While enterprise deployment of device level encryption has really gained momentum over recent years, the same cannot be said of encrypting the data that resides on the ubiquitous smartphone devices, particularly on the removable media cards they often contain.
This press release may have some resounding repercussions for enterprises and governments in the near future.