UPS data leak prompts laptop encryption

Aug 17, 2009 14:21 GMT  ·  By

Shipping giant UPS has decided to encrypt all digital data stored on company mobile devices and laptops after a serious data leakage that occurred in October 2008. This measure was announced at the beginning of August 2009 and will affect only the United Kingdom branch of the company.

This measure was put into place after a laptop was reported missing by a UPS employee traveling abroad last year. The computer contained payroll information on more than 9,000 UK employees detailing names, addresses, dates of birth, salaries, several bank account numbers and insurance numbers.

Since the laptop was only password-protected, the data is supposed to have been exposed. The laptop couldn't be recovered, and at that time numerous protective measures were taken to shield the affected employees.

Meanwhile, the UK Government adopted the Data Protection Act in the UK, UPS's decision having come at the right time and in the right branch. All laptops and mobile devices being used by UPS employees will have encryption software installed on them to prevent other company information data leaks.

Mick Gorrill, assistant information commissioner, said that, "Password protected laptops are not secure. I urge all organizations to restrict the amount of personal information that is taken off secure sites. [...] I am pleased that UPS has encrypted its laptops and smartphones, and I urge other organizations to follow suit. [...] UPS is updating its security policies and is implementing a number of other changes to protect personal information in the future."

No information or other details were released on the type of software that would be used to perform the encryption process, or on when this would be implemented into the UPS daily operations. It is known that, after the 2008 incident, the Information Commissioner's Office has been pushing UPS to make this move to avoid other damages to UPS personnel.