Thanks Richard - this looks very useful.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Richard Hopkins
Sent: 19 February 2010 15:50
To: [log in to unmask]
Subject: Re: [data-protection] Transfer of data to our organisation from
other organisations.[Scanned]
Office 2007 (unlike previous versions) also has satisfactory encryption
facilities:
"Office 2007 uses AES (Advanced Encryption Standard) with a 128-bit key
and SHA-1 hashing. For stronger protection, you can increase the key
length
to 256 bits by editing the registry or using Group Policy". Setting the
key
length to 256 is to be preferred for "highly sensitive" data and is the
setting recommended in the Center for Internet Security's recently
published "Security Configuration Benchmark For Microsoft Office 2007"
<https://www.cisecurity.org/tools2/CIS_Microsoft_Office_2007_Benchmark_v
1.>
Our (Office 2007) guidance is at:
<http://www.bris.ac.uk/infosec/docs/2007encrypt.pdf>
7-zip is also more than acceptable (and free). I'm sure UCL won't mind
me
pointing the list at their 2 pages...
<http://www.ucl.ac.uk/cert/EncryptedArchives7zip.html>
<http://www.ucl.ac.uk/management-systems/ads/guidance/howdoi/7zip>
Cheers,
Richard
--On Thursday, February 18, 2010 12:38 PM +0000 Simon Howarth
<[log in to unmask]> wrote:
> You should be encrypting this sort of information. WinZip (latest
> versions) provide good encryption for reasonable cost especially when
> coupled with a complex password.
>
>
>
> However, you need to consider your sources too. By "other
organizations"
> do you know that they are entitled to share this information with you
and
> for what purposes are you collecting it? It's not simply about
securing
> the data in transit, but whether or not the information should be
shared
> in the first place.
>
>
>
> I suggest that if this is a major piece of work and/or will be
regular,
> that you document the sharing procedures and make sure that the other
> organizations are fully aware of their own obligations too.
>
>
>
> Simon Howarth.
>
>
>
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Barlow, Jackie
> Sent: 18 February 2010 11:50
> To: [log in to unmask]
> Subject: [data-protection] Transfer of data to our organisation from
other
> organisations.
>
>
>
> Dear colleagues,
>
>
>
> We are considering the transfer of data in to us from other
organisations
> in the UK and also from outside of the EEA. This data will involve
names,
> addresses, dates of birth and email addresses etc.
>
>
>
> We are concerned about the level of security and feel that a
spreadsheet
> attached to a simple email is not sufficient.
>
>
>
> I would be grateful for any advice/information from colleagues who
have
> dealt with similar situations.
>
>
>
> Many thanks.
>
> Jackie
>
>
>
> Jacqueline Barlow ACIB MBA
> University Records Manager
>
> Anglia Ruskin University
> Office of the Secretary and Clerk
> 3rd Floor
> Tindal Building
> Chelmsford
> CM1 1SQ
>
> Direct dial 0845 196 4215
>
>
>
>
>
>
> EMERGING EXCELLENCE: In the Research Assessment Exercise (RAE) 2008,
more
> than 30% of our submissions were rated as 'Internationally Excellent'
or
> 'World-leading'.
> Among the academic disciplines now rated 'World-leading' are Allied
Health
> Professions & Studies; Art & Design; English Language & Literature;
> Geography & Environmental Studies; History; Music; Psychology; and
Social
> Work & Social Policy & Administration.
> Visit www.anglia.ac.uk/rae for more information.
>
> This e-mail and any attachments are intended for the above named
> recipient(s) only and may be privileged. If they have come to you in
error
> you must take no action based on them, nor must you copy or show them
to
> anyone: please reply to this e-mail to highlight the error and then
> immediately delete the e-mail from your system.
>
> Any opinions expressed are solely those of the author and do not
> necessarily represent the views or opinions of Anglia Ruskin
University.
>
> Although measures have been taken to ensure that this e-mail and
> attachments are free from any virus we advise that, in keeping with
good
> computing practice, the recipient should ensure they are actually
virus
> free. Please note that this message has been sent over public networks
> which may not be a 100% secure communications
>
> Email has been scanned for viruses
<http://www.altman.co.uk/emailsystems>
> by Altman Technologies' email management service
>
> _____
>
> All archives of messages are stored permanently and are available to
the
> world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
> Selected commands (the command has been filled in below in the body of
the
> email if you are receiving emails in HTML format):
>
> * Leaving this list: send leave data-protection to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send SET
> data-protection NOHTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send SET
> data-protection HTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
of
> an otherwise blank email to [log in to unmask]
>
> Any queries about sending or receiving messages please send to the
list
> owner [log in to unmask]
>
> (Please send all commands to [log in to unmask] not the list or
the
> moderators, and all requests for technical help to
> [log in to unmask], the general office helpline)
>
> _____
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm Any queries about
sending
> or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing
your
> needs To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
Richard
http://www.bris.ac.uk/infosec
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|