Listening to the news this morning, my attention was grabbed by the Information Commissioner, on the subject of data security, as he said "Data is being stolen too easily. Laptops, containing personal information and databases, being stolen when they are taken outside of the workplace without proper data encryption."

This issue also affects colleges, although today it's a relief that we haven't had a high profile incident. Many staff have laptops that they use in college and take home for preparation and other work. And if you take a look at the data on them, you'll find some limited data, typically marks and assessments in a spreadsheet, class lists, and perhaps personal contact lists trip. However on many laptops you'll find some extremely sensitive information about students. This is exactly the kind of information which you would want to safeguard.

And on some laptops, in some colleges, you'll find copies of the entire student database, with lots of detail, including home addresses and contact details etc. Typically these will be on the laptops of the management team using the data for analysis and reporting.

So what should you do about it?

1) Do a quick review.

Take a look at a couple of laptops to assess what kind of data are being taken out of college. Maybe a typical lecturer's laptop, and perhaps (if you're brave!) take a look at the data on the laptop of a member of the leadership team.

2) Ensure you have some basic security requirements covered:

Start with the basics, for example: What is your password policy and is it being kept to?

Take a look at our Security Tools and Resources guide on the UK Education website, which includes a link to the Security Risk Management Guide on TechNet.

This guide helps you to plan, build, and maintain a successful security risk management program. In a four phase process, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level. The guide is technology agnostic and references many industry accepted standards for managing security risk.

3) Plan your next move

When you move to Windows Vista, plan to implement BitLocker Drive Encryption included within Windows Vista Enterprise Edition. This will ensure that all data on your laptops are encrypted to highly secure, government standards. This may be the easiest way to ensure that every bit of data on your laptops remains secure permanently. (Watch the BitLocker video)