Google the words “data loss” and you will be inundated with results referring to portable devices containing sensitive information that have been lost or stolen. For example, it was reported back in July that the Department of Health alone had lost more than 300 laptops and 400 mobile phones since 1997.
Although an outright ban on storing business data on portable devices would be impractical in today’s mobile environment, the Information Commissioner’s Office (ICO) is right to crack down on offenders. All organisations must ensure that any portable device containing sensitive information is carefully transported and, more importantly, properly encrypted. The policies, procedures and responsibilities need to be in place and understood, and appropriate encryption applied religiously.
But even for heavyweight encryption, there is still a risk the data can be accessed by a determined and resourceful third party. So when the information stored on portable devices is either particularly sensitive or particularly voluminous, as is likely to be the case with backup tapes, is encryption alone really enough?