“Robust approach” to encryption would have reduced the risk to the firm
The Office of the Privacy Commissioner said that the recent burglary of a law firm revealed the dangers of not having a secure and encrypted back-up of documents and work.
In a recent blog post, the office said that an unnamed law firm was burgled and their computers were stolen – however, they had “relied on the physical security of their building to protect their data and had no off-site back-ups of critical files.”
“An external hard drive with backups of all the data was stored on-site and was also stolen,” the office said. “The data was not encrypted.”
According to the office, an organisation losing files containing sensitive personal information about clients has potential to cause “serious harm to many people.”
“A comprehensive and robust approach to encryption across the law firm would have been reasonable protection and would have substantially reduced the risk to the firm,” the office said. “Whether the threat is a burglar targeting electronic gear, a fire, or a building condemned for earthquake damage, having a secure off-site back-up mitigates the risk of loss.”
