Is there any reason for not encrypting removable storage?
eWeek news reports another Health Care data breach, this one involving a USB flash drive, adding to previous incidents listed in the article, involving USB drives and lost laptops. While no encryption is unbreakable, if any removable device is likely to contain Personally Identifiable Information (PII), why not make it extremely difficult to access or protect the information by deletingthe data after a set number of failed logons? Ironkey, Kingston and Sandisk all make USB drives that will do this.
Secondly, in either an enterprise or the small to medium business environment, what need is there for removable data storage devices to contain PII? Are banks, insurers or healthcare company employees regularly taking your data home to work on it there? Even if this is necessary, could they not use a Virtual Private Network to access the data stored on the servers in the datacenter?