Skip to main content

Comment : Encryption could have prevented HSBC data scare

The loss of a computer disc with the details of 370,000 customers of HSBC is fuelling again the discussion in the UK on data security: The customers' details included their names, dates of birth, and their levels of insurance cover but no addresses or bank account details.

According to a HSBC spokesperson the data on the disc was protected by a password but had not been encrypted.

To avoid data breaches particularly in the banking sector, where information is highly sensitive, strong data encryption is a minimum protection required for laptops, discs and USB storage devices.

To provide 360-degree data protection a comprehensive data security concept is essential. Encrypting data with a centrally managed user encryption key allows authorized users or user groups to read and process data across the company.

It prevents external or unauthorized people to access and abuse data. There are also software solutions available for encrypting lap tops, removable media as well as secure E-Mail communication guaranteeing that corporate security policies are automatically implemented without the user having to do anything.

A greater awareness amongst employees paired with professional encryption solutions could have prevented the HSBC being added to an ever growing list of companies and organizations having to report failure in protecting their customers' data, fearing image loss and heavy fines from the Financial Services Authority (FSA).

An important principle of the Data Protection Act is that organisations which process personal information must ensure it is held securely. The case of HSBC demonstrates yet again that data protection must be a priority for the private as well as the public sector.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.