Recently my friend the “Rabbott” sent me an interesting link (http://www.tinyurl.com/uapwc) about a recent disclosure effecting the local company Under Armor (UA). The gist of the exposure – an unecrypted thumbdrive was lost. So in a situation like this who do you blame?
Case for blaming PWC: 1. They lost the thumb drive (that is what it sounds like in the article) 2. They were/are the auditors and should have had for securely transfering files between them and UA. 3. They should have never accepted an unencrypted drive and if they did should have made a secure copy of it.
Case for blaming UA: 1. It’s their data they should ensure that it is secure when it leaves their control. 2. Who uses unencrypted drives in today’s environment?
Would love to hear your thoughts – Who is to blame?