Aw, not again.

Another organization has confirmed that a device with personal information has been lost and – surprise – it wasn’t encrypted.

According to a report from Computerworld U.S., the National Aeronautics and Space Administration (NASA) says a large number of personal information on employees and contractors was on a laptop stolen from a car two weeks ago.

It was the second time this year a laptop with unencrypted personal data went into the ozone.

The most recent laptop to have suffered a lift-off was password protected, but – despite the earlier loss – the data is at risk because the still agency didn’t have a policy mandating staff to encrypt devices with personal information.

Now NASA’s getting it, and such a policy has pushed the agency to order the policy.
(Image via Shutterstock)

It reminds us of the recent loss of data sticks at Elections Ontario – which was worse. The agency HAS a policy that any device leaving the office with personally identifiable information must be encrypted. Contract staff handling the devices didn’t know how to make the encryption software work, and also assumed zipping the data was the same.

So millions of voter records went unprotected, and then disappeared.

The lesson here is from Ontario privacy commissioner Ann Cavoukian: First organizations have to recognize the dangers, then they have to put in security policies with ongoing compliance procedures to back them up.
Her office will be glad to send you a copy of her report on how to do it.