In a recent press release, the British Information Commissioner’s Office commented about a recent data loss incident experienced by the Cambridgeshire County Council.  In a roundabout manner, it turns out that an encrypted memory stick triggered a course of events that led to the loss of sensitive personal information.

The council attempted to do the right thing, by providing an encrypted memory stick to its employees, free of charge. However, due to issues with the device, a frustrated employee stopped using the encrypted device provided to him and replaced it with an unapproved, unencrypted one. The unencrypted device contained sensitive information, and unfortunately it was lost, thus resulting in a data loss incident.

This incident brings up an important issue – it’s not enough to have an encryption policy or to...

We're writing to follow up on our post on this issue last November.  Since then, Symantec has provided both a workaround and hotfix to address the client problem encountered with PGP Whole Disk Encryption when updating Mac OS X.  A maintenance release that will proactively address this issue is now available.

In case you missed our earlier communication, in Mac OS X 10.6.5, Apple's automated Software Update mechanism bypasses the protections PGP Corporation had put around a critical file needed for normal system startup.

Prior to the release of the Mac OS X 10.6.5 update, the PGP Engineering team tested every version of the early developer release of the update provided to PGP by Apple and no conflicts were found. However, we identified after the release of the update that Apple's automated Software Update mechanism bypasses...

Part of the role that Symantec takes within the security community is to work together with research groups to identify and understand the trends that shape the market. As part of this effort, Symantec is continuing the work started between PGP Corporation and Ponemon Institute to examine the usage of encryption and how it has been evolving over the years.

Ponemon Institute recently completed the “2010 US Enterprise Encryption Trends Report”, published November 2010.  This report surveyed 964 US I.T. workers in various job functions and asked about their insights into their usage of encryption technology in order to protect information assets.

One of the most interesting insights that emerged from this report is that the reason for making the decision to deploy encryption has undergone a shift. In the past, the primary driver has always been in response to a data breach. In the 2010 report, the respondents noted that...

Bryan Gillson - Senior Director Product Management

Update: As of September 9, 2010, source code downloads of PGP software are again available.

Encryption has always been about trust. Questions about who you trust and who you distrust, are critical to determining whether (and how) to encrypt your data. Of course, trust-related questions go beyond just specific threats and extend directly to the selection of an encryption vendor.

This is why, since its founding, PGP Corporation has made its source code publicly available for cryptographic review. We feel that the ability for the public to study our source code and personally confirm the quality, validity, and security of our cryptographic implementations has been a key reason for the trust placed in PGP Corporation and our products. This belief has been reinforced by many customers across the spectrum: corporate, individual, educational...