So is employee information in your business encrypted? If not why not? (Note that just employee names isn’t that big of a deal as they would mostly be in the phone book anyhow.)
“An investigation by the Office of the Information and Privacy Commissioner (of” Alberta) has determined that East Central Health had proper safeguards in place to protect health information contained on a laptop computer which had been stolen.”
Let me add that Two Hills, Alberta is a village with a population of about 1,000 people. So it would be quite easy for the supervisor to notice a loitering individual and identify them to the RCMP. And the RCMP have a very good idea of who the unsavory individuals are in their towns and villages.
That said even if the laptop hadn’t been recovered it would appear that East Central Health still followed proper procedures for encrypting the data.
I’ve forwarded the above to the The Risks Digest – Forum On Risks To The Public In Computers And Related Systems http://catless.ncl.ac.uk/risks as an example of what you are supposed to do. They have too many postings of the problems encountered and not enough good ones. <smile>
There are no statistics available on how many readers there are of that digest given the widely distributed nature of it’s various communications methods. However I would suspect that it is in the millions of security conscious computer professionals around the world.
I also cc’ d the folks at East Central Health and the local MLA, a provincially elected official.