E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: National Post

Posted on August 2, 2006

      Company road warriors are often targeted not for what they carry in their heads but in their hands, namely their laptops.

      For the thief, the computer laptop has it all. It's a valuable piece of equipment he can easily flip for several hundred dollars, and there's also the potential it will contain personal or business information that can be used or sold to the highest bidder.

      In the United States, an Ernst & Young employee had a laptop stolen from his car. Included with it were the names, addresses, and credit card information of 243,000 customers of Ernst & Young's client Hotels.com. Since the theft, Ernst & Young has encrypted data on all laptops used in its U.S. and Canada offices.

      In November, 2003, a contractor working for Canada's Department of Justice had his laptop stolen out of his office. The laptop contained confidential information that was being used for litigation by the federal government.

      There was an emergency meeting with a number of federal agencies to determine exactly what confidential documents were stored on the laptop. Since then, the Justice Department has brought in new security procedures for its laptop users.

      "We use a very strong product called SecureDocs that only the National Security Agency [NSA] could crack, says Christian Girouard, spokesperson for the department. "It's forced encrypted, forced strong password."

      A lost or stolen laptop is not just a technology issue or of concern to the IT department, it also reaches into privacy issues, especially when the customers of a company find their information has gotten into the wrong hands.

      "A lot of people still view it as an IT issue and it really isn't," says Greg Murray, information, security and privacy leader for PricewaterhouseCoopers IT advisory practice in the Greater Toronto Area. "If I'm a financial institution and I have a loss of identity [such as from an an employee losing a laptop] -- what's the impact on my brand? What does that do to my customer base? What does that do to trust? So it's a much broader issue --the information really goes back to the organization and how people view them."

      It's best for a company or organization to put policies in place ahead of time that will help it identify the security threats to its laptop users, whether from business competitors, organized crime or just a thief who's looking to steal a laptop to trade for drugs.

      "What type of information is on the laptop so you know what you are protecting then you can develop a strategy to protect it," Mr. Murray says. "Keep it simple and don't spend money until you understand what you're trying to protect. A culture of security takes time, but if you work towards that goal you'll find your overall security and privacy spending will drop dramatically."

      Microsoft is responding to the increased security concerns of its customers by coming out with a major Windows update called Vista that will use 256-bit lock protection to encrypt user documents. It is scheduled to be released at the end of this year.

      "If you talk about the loss of a laptop, and a thief trying to gain access to the data, then yes, the bit locker is going to protect the user against that," says Steve Lloyd, chief security advisor for Microsoft Canada.

      "I've heard statistics that say 6% of the laptops before they are decommissioned will be lost. I've even heard higher numbers. I actually know of one company that loses one laptop a day in the organization."

      Even the most conscientious of employees might suffer the loss of a laptop. Technology tools such as encryption can help mitigate the damage.

      "Let's protect employees against themselves," Mr. Lloyd says.

      "So if they do get compromised, whether it's their fault or not, minimize the damage," he says.

      "Bad things are going to happen, we know that -- let's minimize the damage when it does occur."

      Canadian employers should clearly state to their employees the company policy with regard to laptop security and what their responsibilities are.

      "There's no case law in Canada or wrongful dismissal action as a result of a laptop falling into the wrong hands that I know of," says Jock Climie, partner in the Ottawa law firm Emond Harnden.

      He compares the damages an employer might suffer as a result of a lost or stolen laptop computer to the situation where an employee crashes the company car.

      "It's no different. It's negligence causing loss to your employer.

      "I'd advise an employer to assess the level of negligence and assess the value of the damages, and so you weigh the two. You are required under law before dismissing someone for cause to determine whether some measure short of discharge would correct the behaviour."

      In terms of a lost or stolen laptop being part of the employee's so-called personnel record, and that information being passed on to a future employer, it most likely won't happen.

      "There's a whole issue of what should be and shouldn't be disclosed in reference checks. I have lots of clients who are getting away from giving references at all. We'll only say that this person worked here from this date to that date in this position. What I call tombstone data."

      For an employer to judge an employee's action when a laptop is stolen or lost, it's important to examine the context.

      "You look at the entire context when it's an employment matter," says Sheryl Johnson, an employment and labour lawyer at the Toronto firm Grosman, Grosman and Gale.

      "And if the employer has condoned certain behaviour, knew it was happening and didn't do anything about it, then they can't cry about it later.

      "Employers need to think about how secure their workplace is and also let employees know what is expected of them when they are out of the office with a company computer."


10% of laptop computers will be stolen within the first 12 months of purchase.

90% of stolen laptops are never recovered.

49% of companies have had laptops stolen with the last 12 months.

57% of corporate crimes are linked to stolen laptops.

80% of computer crime consists of "inside jobs" by disgruntled employees.

73% of companies had no specific security policies for their laptops in 2003.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.