Really? Really? Still not encrypting data on portable storage devices? Really? Really?


C’mon. How many headlines do you have to read before you figure out you should encrypt data on portable storage devices? Portable devices are lost, stolen and copied. Encrypt them!

Oh, and if you’re going to provide notice to your customers of the breach, do it within a month.

2 thoughts on “Really? Really? Still not encrypting data on portable storage devices? Really? Really?”

  1. You raise the excellent issue of when to notify. In my experience, notifications after 30 days bring scrutiny from regulators. Spending a little more in the notification phase may be worth it, but your point is well made and I shouldn’t assume this. Ideally, you will have done the work within 30 days and pre-negotiated contracts with your print houses and credit monitoring vendors far in advance. This is where I often see needless delays (I won’t mention the cost increases when you are trying to negotiate these at the last minute). I also see needless delays because of poor breach responses and a failure to prioritize. While there are clear exceptions (which I have been a part of), I think generally you should be able to get your notifications out within 30 days.
