Center News

Laptop safety

New standard recommends Center laptops run whole-disk encryption

Photo by Stephanie Cartier Protect your laptop with whole-disk encryption software, available free from the Information Security Office.

Last summer, a laptop computer stolen from the U.S. Department of Veterans Affairs exposed 26.5 million former and current servicepersons to the possibility of identity theft. Closer to home, a laptop carrying Social Security numbers and other personal information on 382,000 people disappeared from a Boeing employee's car last December.

"Several other major organizations have experienced laptop thefts in the last few months that have compromised hundreds of thousands of personal data records," said Dr. Lee Hartwell, president and director. "Anyone with an unencrypted laptop should feel quite vulnerable."

But now, protection for the data within those machines is available in the form of PGP Whole Disk Encryption. The Information Technology Resource and Planning Committee recently approved a laptop-encryption standard that recommends all laptops at the Center carry the whole-disk encryption software. The Administration and Clinical Research divisions have further decided to make the use of whole-disk encryption software mandatory for their laptops.

Available free to faculty and staff from the Information Security Office, the software encrypts every single data bit of the hard drive with a password chosen by the user. One simply enters the encryption password to allow the computer to boot normally. Without the encryption password, the laptop will not boot and the data cannot be read even by forensic software. A thief can reformat the hard drive and sell the laptop but he or she can never read what's inside.

The Clinical Research Division's Dr. Richard Nash is an early adopter of the software. "I take my laptop everywhere I go, so having it encrypted gives me peace of mind knowing the Center and I are protected," Nash said.

Losing laptops in a large organization is an inevitable cost of doing business. On average, the Center loses approximately six laptops a year. All Center laptop thefts are reported to the local police, the Security Department, the Information Security Office and (in cases involving research participant information) the Institutional Review Office. The University of Washington and Seattle Cancer Care Alliance may also get involved if employees have affiliate status and are covered by the UW's security policies. Each organization will likely conduct its own investigation. Depending on the data contained inside the laptop or the circumstance in which it was stolen, the Institutional Review Office may need to take corrective action and report the potential breach of confidentiality to federal and state regulatory authorities. Notice to research participants may also be required when appropriate. All in all, the loss of a Center laptop is an unpleasant ordeal.

Ready to have your laptop encrypted? Call your IT Department to arrange for installation. A rush of requests is anticipated, so please be patient. Requests from those traveling with laptops in the near future will be given priority.

Please note, whole-disk encryption software is not available for Macintosh, Linux or multi-boot laptops at this time.

Center News Table of Contents