Comment : Encryption could have prevented HSBC data scare

The loss of a computer disc with the details of 370,000 customers of HSBC is fuelling again the discussion in the UK on data security: The customers' details included their names, dates of birth, and their levels of insurance cover but no addresses or bank account details.

According to a HSBC spokesperson the data on the disc was protected by a password but had not been encrypted.

To avoid data breaches particularly in the banking sector, where information is highly sensitive, strong data encryption is a minimum protection required for laptops, discs and USB storage devices.

To provide 360-degree data protection a comprehensive data security concept is essential. Encrypting data with a centrally managed user encryption key allows authorized users or user groups to read and process data across the company.

It prevents external or unauthorized people to access and abuse data. There are also software solutions available for encrypting lap tops, removable media as well as secure E-Mail communication guaranteeing that corporate security policies are automatically implemented without the user having to do anything.

A greater awareness amongst employees paired with professional encryption solutions could have prevented the HSBC being added to an ever growing list of companies and organizations having to report failure in protecting their customers' data, fearing image loss and heavy fines from the Financial Services Authority (FSA).

An important principle of the Data Protection Act is that organisations which process personal information must ensure it is held securely. The case of HSBC demonstrates yet again that data protection must be a priority for the private as well as the public sector.