Privacy Commissioner shocked over missing digital devices
Alberta's Privacy Commissioner says he's shocked by the lack of security practised by companies after revelations that computers containing financial and medical information of thousands of Albertans were stolen.
Over the last month, six laptops and a digital camera containing sensitive information were stolen, said Frank Work. Three of those devices were in the hands of government employees or contractors and contained health records.
One laptop belonged to a researcher at the University of Alberta, which contained nearly 3,000 patient documents. A digital recorder was stolen from a Fish and Wildlife employee that had witness statements from an investigation they were conducting. The devices were generally stolen from people's cars. One was simply left behind in an airport.
Work says the government is doing a better job than the private sector of encrypting its computers. However, barely half of the government's 6,000 computers are secure and it will take nearly a year to secure the rest.
"Any amateur hacker can get around password protection with almost no problem, so password protection just doesn't cut it anymore," Work said, adding many people use their computers for personal Internet banking, income tax returns, and to hold clients' or patients' information.
"Just encrypt it. Save yourself the embarrassment of having to notify your friends, your patients, your employees, your clients, oh my laptop was stolen, I had your files on it, and it wasn't protected. Just save yourself that embarrassment and the anguish you're going to cause other people."
There are free sites that offer encryption software available. People can also have their computers encrypted professionally. It's something experts recommend.
Ben Haack with Tech-Squad in northwest Calgary says encryption will prevent a thief from stealing financial information or people's identities.
"If they manage to even pull the information off the hard drive, it's scrambled," he said. "It's like the Germans in World War II with the enigma machines. That was an early form of encryption."
Unless the thieves obtain the password to the digital key, they won't be able to access this information.
People don't need to encrypt their entire hard drives. They can select whatever files or programs they want to be encrypted, which they can access as long as they hold the password.
Work said in addition to encrypting their computers, people should also use discretion before downloading clients' or patients' information on their computers.
Alberta law requires that the private and public sector report any thefts of devices containing personal information.
Premier Ed Stelmach acknowledged this is a concern and urged staff to handle their laptops carefully and secure them whenever they can.