Office 2007 (unlike previous versions) also has satisfactory encryption
facilities:
"Office 2007 uses AES (Advanced Encryption Standard) with a 128-bit key
and SHA-1 hashing. For stronger protection, you can increase the key length
to 256 bits by editing the registry or using Group Policy". Setting the key
length to 256 is to be preferred for "highly sensitive" data and is the
setting recommended in the Center for Internet Security's recently
published "Security Configuration Benchmark For Microsoft Office 2007"
<https://www.cisecurity.org/tools2/CIS_Microsoft_Office_2007_Benchmark_v1.>
Our (Office 2007) guidance is at:
<http://www.bris.ac.uk/infosec/docs/2007encrypt.pdf>
7-zip is also more than acceptable (and free). I'm sure UCL won't mind me
pointing the list at their 2 pages...
<http://www.ucl.ac.uk/cert/EncryptedArchives7zip.html>
<http://www.ucl.ac.uk/management-systems/ads/guidance/howdoi/7zip>
Cheers,
Richard
--On Thursday, February 18, 2010 12:38 PM +0000 Simon Howarth
<[log in to unmask]> wrote:
> You should be encrypting this sort of information. WinZip (latest
> versions) provide good encryption for reasonable cost especially when
> coupled with a complex password.
>
>
>
> However, you need to consider your sources too. By "other organizations"
> do you know that they are entitled to share this information with you and
> for what purposes are you collecting it? It's not simply about securing
> the data in transit, but whether or not the information should be shared
> in the first place.
>
>
>
> I suggest that if this is a major piece of work and/or will be regular,
> that you document the sharing procedures and make sure that the other
> organizations are fully aware of their own obligations too.
>
>
>
> Simon Howarth.
>
>
>
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Barlow, Jackie
> Sent: 18 February 2010 11:50
> To: [log in to unmask]
> Subject: [data-protection] Transfer of data to our organisation from other
> organisations.
>
>
>
> Dear colleagues,
>
>
>
> We are considering the transfer of data in to us from other organisations
> in the UK and also from outside of the EEA. This data will involve names,
> addresses, dates of birth and email addresses etc.
>
>
>
> We are concerned about the level of security and feel that a spreadsheet
> attached to a simple email is not sufficient.
>
>
>
> I would be grateful for any advice/information from colleagues who have
> dealt with similar situations.
>
>
>
> Many thanks.
>
> Jackie
>
>
>
> Jacqueline Barlow ACIB MBA
> University Records Manager
>
> Anglia Ruskin University
> Office of the Secretary and Clerk
> 3rd Floor
> Tindal Building
> Chelmsford
> CM1 1SQ
>
> Direct dial 0845 196 4215
>
>
>
>
>
>
> EMERGING EXCELLENCE: In the Research Assessment Exercise (RAE) 2008, more
> than 30% of our submissions were rated as 'Internationally Excellent' or
> 'World-leading'.
> Among the academic disciplines now rated 'World-leading' are Allied Health
> Professions & Studies; Art & Design; English Language & Literature;
> Geography & Environmental Studies; History; Music; Psychology; and Social
> Work & Social Policy & Administration.
> Visit www.anglia.ac.uk/rae for more information.
>
> This e-mail and any attachments are intended for the above named
> recipient(s) only and may be privileged. If they have come to you in error
> you must take no action based on them, nor must you copy or show them to
> anyone: please reply to this e-mail to highlight the error and then
> immediately delete the e-mail from your system.
>
> Any opinions expressed are solely those of the author and do not
> necessarily represent the views or opinions of Anglia Ruskin University.
>
> Although measures have been taken to ensure that this e-mail and
> attachments are free from any virus we advise that, in keeping with good
> computing practice, the recipient should ensure they are actually virus
> free. Please note that this message has been sent over public networks
> which may not be a 100% secure communications
>
> Email has been scanned for viruses <http://www.altman.co.uk/emailsystems>
> by Altman Technologies' email management service
>
> _____
>
> All archives of messages are stored permanently and are available to the
> world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of the
> email if you are receiving emails in HTML format):
>
> * Leaving this list: send leave data-protection to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send SET
> data-protection NOHTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send SET
> data-protection HTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of
> an otherwise blank email to [log in to unmask]
>
> Any queries about sending or receiving messages please send to the list
> owner [log in to unmask]
>
> (Please send all commands to [log in to unmask] not the list or the
> moderators, and all requests for technical help to
> [log in to unmask], the general office helpline)
>
> _____
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending
> or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
Richard
http://www.bris.ac.uk/infosec
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|