Photo owned by Britt Selvitelle (cc)
Email sent to TDs and Senators:
In the event of the loss or theft of any such device containing personal data, Members are advised to contact the GardaÃ (to report the incident) and the Office of the Data Protection Commissioner (for advice on the most appropriate steps to be taken in relation to the lost / stolen data).
In order to maximise the security of data which may be on laptops and desktop computers, the Office has recently invited tenders for the provision of a data encryption system. As soon as a contract has been awarded, we will contact Members again to offer the installation of this software on all existing laptop devices. The software will automatically be installed on all laptops issued to Members after the contract has been awarded.
Members are reminded that although they are no longer required to register with the Data Protection Commissioner merely by virtue of their membership of the Oireachtas, they are still responsible for ensuring the safety of personal data which is stored on their computer systems.
The Office will replace stolen laptops only following receipt of a formal Garda report confirming that the loss or theft has been reported to the GardaÃ.
There’s more to security than encryption, right? Anyone got a better solution?
Go back to Morse code!
Having an IT policy of, ya know, NOT carrying around the details of 10000 people on a laptop might be a step in the right direction.
I rang the BoI to ask if I was on their list of 31,500 lost records. Fortunately, I wasn’t. I then (cheekily) asked if my wifes details were. They asked for her details and then told me she wasn’t. The thing is, they didn’t verify who I was on the call and then happily told me about another customer, even if she was my wife.
The problem with data security in this country is education at all levels and in ALL ROLES not just the technical ones – simple fact is nearly everyone uses a computer. There’s too often the view that “This technical stuff is so complex, sure no-one can get at it – sure jaysus, I can just about login and send an e-mail me-self.”.
It’s time for serious fines, reprimands and public naming and shaming. I, for example, would have liked EUR10 just for the time and effort I took to call BoI 🙂