Handling Corporate Laptop Theft Gracefully

Billosaur writes "From NPR, we get a Marketplace story about the theft of corporate laptops and the sensitive data they may contain, specifically how to handle the repercussions. From the story: 'TriWest operates in about 21 states. It's based in Phoenix, Arizona. In December of 2002, somebody broke into the company's offices and stole two computer hard drives.And those hard drives contained the personal information of 550,000 of our customers from privates in the military all the way up to the chairman of the Joint Chiefs of Staff.' How they handled the situation earned them an award from the Public Relations Society of America."

Re:Encrypt the disks.

[hazem]

If the data is on an encrypted disk, does the thief really have the data if they steal the encrypted disk?

Yes. Because the thief may be able to decrypt the data because they also copied down the password/key that was on a post-it note hidden under the keyboard of the computer. Or they might exploit a flaw in the encryption. Or they manage to socially-engineer access to the key needed to decrypt the data. Or they might have installed a key-logger to get the key and then came back a week later to get the drives too.