A recent incident where a company was compromised due to a discarded hard drive could have been avoided.


A notification filed by the attorneys of Pfizer claimed that an employee inadvertently left a backup hard drive in a box that was discarded in the rubbish on 26th March 2009. The hard drive reportedly contained names and Social Security numbers. The notification did not indicate the total number of individuals affected.


Michael Callahan, senior vice president of Credant Technologies, claimed that the situation could have been avoided if the data was encrypted.

Callahan said: “If the health services company had adopted an encryption policy on its sensitive data - whether the data is in transit or at rest – then the accidental disposal of the drive by the New Hampshire staffer wouldn't have been the headline news for the company.


“What makes the case interesting from a policy enforcement approach is that the employee threw the drive into the trash at his home, which means that office security protection systems wouldn't have stopped this from happening.”


He claimed that as the employee was effectively outside of the control of the office security systems the contents of their hard drive was at much greater risk than usual. If there had been a policy for company-wide encryption of sensitive data, the hard drive would have been intercepted and the incident could have been prevented.