A report in the Air Force Times indicates a laptop containing personally identifiable information (PII) about 1,000 West Virginia Air National Guard members was stolen during a training trip in November. The spokesperson for the Air National Guard indicated:
“The Air Force uses some of most sophisticated encryption processes to safeguard information on government computers”
…implying the data on the laptop was encrypted, but not coming right out and saying it was.
If it was encrypted, it is likely that this incident would not have been reported.
In the report the spokesperson also said the notification letters warned the involved individuals “to be alert for identity theft.”
Hmm…wonder if the data was encrypted or not? Is this an indication that perhaps someone was not following the policy to encrypt the data that was on the stolen laptop?
Strong sanctions must exist and consistently be applied for them to be followed and be effective.
Tags: awareness and training, credit reports, encrypt, encryption, Information Security, IT compliance, laptop security, laptop theft, PII, policies and procedures, privacy