Aardvark Daily

Please visit the sponsor!

Insurers to demand encryption?

Encryption is usually seen as something that gets applied only to extremely valuable or sensitive data and communications. Very few businesses routinely use encryption as a method of protecting their business records.

An incident in the UK may soon see business insurers demanding that all records are kept in encrypted format, so as to limit their exposure to prosecution should they be lost or stolen.

With ID theft on the rise, it makes sense for any information about other people that you are storing on your computer be protected by such systems, especially when they can be relatively trivial to implement.

Of course while this may please the insurance industry and those whose private data may be at risk, I strongly doubt that the governments of the world will be too chuffed with the prospects of widespread adoption of encryption.

However, since (in this case) it was the UK government (in the form of the Information Commissioner's Office (ICO) that effectively imposed the 5,000 pound penalty, it would be very hard for them to complain if companies do start protecting business records by way of hard encryption.

The UK and NZ already have some draconian provisions to ensure that the keys to any encrypted files must be handed over "on demand" but routine encryption would make the job of covert snooping much harder for "the powers that be" and for that reason alone, it's got to be a good idea.

Given the similarities between UK and NZ laws, one can't help but wonder whether everyone should be taking extra care to protect things such as their address books, email and the like.

Although the NZ government and its agencies seem to have an automatic immunity to prosecution in the case of gross privacy/security breaches, I doubt the same applies to the private sector.

I wonder how NZ's Privacy Commissioner would handle a situation such as the one described in the Telegraph story (linked above)?

What if the "offender" was a sporting or hobby club? Would they be liable for a stiff fine caused by what is effectively a case of contributory negligence by way of not adequately protecting the data through encryption?

Indeed, what about sites such as Aardvark that operate forums which, within the walls of their databases, have a full list of users email addresses and other information that could potentially be used to assist with identity fraud?

Or should we remember the lesson that has been highlighted over and over again: in the 21st century, you should have *no* expectation of privacy.

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Rank This Aardvark Page

Change Font