Anyone else see the gaping hole?
They are assuming that any device reported stolen contained sensitive data and was unencrypted.
It's all just marketing.
Thefts and losses of computers and laptops often go unreported to data privacy watchdogs and could represent a huge hidden risk for the leak of confidential data, according to new research. The Information Commissioner’s Office received 1,089 data breach reports between March 2014 and March 2015, yet police forces across the …
OK, a company selling encryption software wanting to big-up the risks is hardly unexpected, but the fact is that "the private sector is still greatly under-reporting the number of potential breaches it encounters" because they'd far rather sweep it under the carpet than admit to their failures which could stop people from using their services...
No surprise there really: if the small company I work for had a data leak, would I or anyone else publicly report it? I honestly don't know: with no legal obligation to do so, I imagine not. Why would we? Of course, I like to be proactive and keep everything properly secured anyway...
This company's got a product to push, of course, but that doesn't necessarily make it wrong. I'd like to see the ICO giving more detailed guidance (to be fair, they do already give some) and explicitly linking future penalties to how closely they've complied with it. (Maybe they do that now - but if so, that needs to be more widely reported, so everyone else knows about it.)
> if the small company I work for had a data leak, would I or anyone else publicly report it?
That would depend on what data you were holding. If you were working for a larger company, data leaks should most probably be reported.
The issue is where the lines are drawn, not whether there should or shouldn't be reporting.