Updated: Fri Dec. 10 2010 13:24:18

ctvcalgary.ca

Alberta's Privacy Commissioner says he's shocked by the lack of security practised by companies after revelations that computers containing financial and medical information of thousands of Albertans were stolen.

Over the last month, six laptops and a digital camera containing sensitive information were stolen, said Frank Work. Three of those devices were in the hands of government employees or contractors and contained health records.

One laptop belonged to a  researcher at the University of Alberta, which contained nearly 3,000 patient documents. A digital recorder was stolen from a Fish and Wildlife employee that had witness statements from an investigation they were conducting. The devices were generally stolen from people's cars. One was simply left behind in an airport.

Work says the government is doing a better job than the private sector of encrypting its computers. However, barely half of the government's 6,000 computers are secure and it will take nearly a year to secure the rest.

"Any amateur hacker can get around password protection with almost no problem, so password protection just doesn't cut it anymore," Work said, adding many people use their computers for personal Internet banking, income tax returns, and to hold clients' or patients' information.

"Just encrypt it. Save yourself the embarrassment of having to notify your friends, your patients, your employees, your clients, oh my laptop was stolen, I had your files on it, and it wasn't protected. Just save yourself that embarrassment and the anguish you're going to cause other people."

There are free sites that offer encryption software available. People can also have their computers encrypted professionally. It's something experts recommend.

Ben Haack with Tech-Squad in northwest Calgary says encryption will prevent a thief from stealing financial information or people's identities.

"If they manage to even pull the information off the hard drive, it's scrambled," he said. "It's like the Germans in World War II with the enigma machines. That was an early form of encryption."

Unless the thieves obtain the password to the digital key, they won't be able to access this information.

People don't need to encrypt their entire hard drives. They can select whatever files or programs they want to be encrypted, which they can access as long as they hold the password.

Work said in addition to encrypting their computers, people should also use discretion before downloading clients' or patients' information on their computers.

Alberta law requires that the private and public sector report any thefts of devices containing personal information.

Premier Ed Stelmach acknowledged this is a concern and urged staff to handle their laptops carefully and secure them whenever they can.

Comments are now closed for this story

Lina
Any information that is deemed important should be only available in labs and offices in computers provided by the institution, and not PCs. People and professionals should not be allowed to carry patients' info with them wherever they go. What if they die and someone else gets hold of the info, or someone needs the info afterwards? It should be like operating in a biohazardous lab where you don't take bugs with you home, because you never know who might touch or take them.
I hope these professionals had some backup files or else I don't understand how they think...

Doug
As an IT professional, I have had the opportunity work with different government agencies. I find that when department budgets get tight, IT security is suddenly an unnecessary expense and becomes "optional". Obviously, this is not the way to manage sensitive information.

KarlP
There are so many other options available to people to protect their sensitive data not even mentioned here. Such as storing documents and user files on a removable memory stick. You can also buy memory sticks with encryption built right into them. If the laptop gets stolen, although the device is lost, the sensitive data is safe with the user. You can wear a memory stick around your neck like a pendant or attach it to your belt loops with a small carabeener hook.
The biggest issue with security is lack of training.

Bob
I also agree with Paddy, these people should get the boot and not $681,000.00 to go with it. Our so called "health system" is really screwed up.

Stephen
I called the Tech Squad place and they were totally helpful explaining how I could get set up with protection for my stuff. Especially if you travel, you never know what those shifty airport security guards snoop through your luggage.

Rick
No matter how hard you try, you just can't legislate away stupidity nor the degree at which criminals will go to acquire your precious private info. What can be done is to use strong guidelines, strong encryption, and an OS that is not so easy to break into. This goes just as strongly for private people as for 'trusted business/government' operation.
There are better alternatives to a Microsoft OS like the Mac OS/X based upon BSD or Linux. They support higher encryption, are faster and cheaper in many ways too.

DD
Agree w/Paddy

What ever did they do BEFORE they had laptops? Maybe it's time to look into keeping our info on secured pc's in a secured place, not driving in the back seat of our trusted gov't employees on their way home. Why does this info need to be 'taken out' in the first place? I, for one, learned not to take my work home! for many reasons!

Paddy
I think charges and firings should result from careless handling of personal information by government employees.
Further, there should be clear rules as to who where and why personal info should be on portable devices and where those devices may be stored.
Similar legislation should be passed governing our personal information in private hands.

Bails
Are you ready for this Privacy commissioner, how about making it law that they have encryption technology installed and not just that they report it to you after it has been lost.