Despite the availability of free, open source encryption packages like TrueCrypt data continues to be lost or stolen.
Figures gathered from the Information Commissioner's Office have underlined the extent of data breaches in the UK, showing that over 350 individual incidents of data loss have been reported in the last year.
The information, gathered as part of a Freedom of Information request by software company Software AG revealed that the ICO has handled reports of 356 unique incidents of companies and government departments losing personally identifiable information about their customers - more than double the number reported in the preceding twelve months.
By far the most common reason for data going walkabout was the loss of portable computing devices: according to the report, 127 portable devices - including laptops - were reported to the ICO as having been stolen with personally identifiable information on their hard drives.
Portable media doesn't fare much better, with 71 cases of CDs, DVDs, and solid-state devices having been carelessly lost with copies of business-critical client databases stored thereon. A further 24 cases report that the data was lost as a result of an error by a courier company.
Perhaps the most worrying figure is that of the 356 incidents, 78 were categorised as "data disclosed in error
" - i.e. media being sent to the wrong address or e-mails being incorrectly addressed. While having something stolen is perhaps excusable - although the lack of encryption in use on such devices isn't - simple human error in this way is harder to forgive.
While high-profile attacks
on company websites steal the headlines, victims of identity theft remain more likely to have their details snagged by an opportunistic thief as the result of a lost or stolen laptop or memory stick than as the result of a website crack. Despite this, encryption on such devices - even free, open source
solutions - remains the exception rather than the rule.
Do you believe that the figures obtained by Software AG show a worrying disregard for the privacy and safety of customers, or is this sort of security breach simply to be expected? Share your thoughts over in the forums