The Value of the Information Asset

Flicking through one of the local newspapers this morning (the Wexford People) I spotted a story about a laptop that had been stolen from a primary care Medical Centre in Wexford town last week.

What struck me about the story was how they made a point of stressing the value of the laptop (€1500) but at no time did they mention whether or not the laptop held any personal data relating to patients at the Medical Centre in question.

Assuming for a moment that it did, that means that sensitive personal data within the meaning of the Data Protection Act was stolen. We can only assume that the Medical Centre had appropriate security precautions on the laptop such as encryption to ensure that such data can’t be accessed by unauthorised persons.

The whole thing brought to mind an article I wrote for the Small Firm’s Association “Running your Business” magazine a few years back where I gave the following scenario:

You are standing in your office as a fire alarm goes off. In front of you there is a Louis XIV desk, a €1500 laptop that is brand new, and a CD containing all of the critical information about your company’s top 50 customers for the past 5 years. You can pick up one item. Which do you choose?

It looks like the Wexford People chose the laptop.

Information is a critically important business asset which needs to be cared for and tended to. This starts with simple precautions for physical security (such as spending €30 on a cable to lock the laptop to your desk or keeping doors closed and locked where sensitive information is being stored) but must extend to thinking about how much information you have that you no longer need, and what the quality of that data is in terms of its accuracy, completeness, and general “fitness for purpose”.