And for additional confidence I would look to make the transfer to the
laptop and immediate secure deletion of the scanner bundled as one utility
and restrict the ability of users to access the transfer (or run the
scanner?) outside of this utility.  Your secure laptops should have port
control which ought to be able to support this process.

Regards

Jim
 ===========================================================================
===============
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Griffiths, Ian
Sent: Thursday, June 10, 2010 9:25 AM
To: [log in to unmask]
Subject: Re: [data-protection] Portable Scanning

There is software available to entirely remove the data from removable
media.  The exact procedure will depend on how the pen is connected and how
it appears to the computer, but it is possible.  Running this process before
the fieldworker leaves the house should solve the problem.
 
Ian

________________________________

From: This list is for those interested in Data Protection issues on behalf
of Phil Bradshaw
Sent: Wed 09/06/2010 17:58
To: [log in to unmask]
Subject: [data-protection] Portable Scanning



A growing number of our fieldworkers are using portable scanning to increase
efficiency and effectiveness. e.g. they may scan personal documents at a
clients home to avoid an office appointemnt or use of post, which causes
delay and /or has other risks.

They are typically using pen type devices, which work well in practice.
Image is then transferred to a (very secure !) laptop before later upload to
main systems.

The scanning devices are however not encrypted. We have not been able to
identify workable encrypted alternatives at the present time - too slow, too
prone to crash or simply unreliable. They are wiped after transfer before
leaving the scanning location. There is a theoretical risk however that if
lost, although apprently empty, with the right tools an expert could
retrieve most recent images.

Has anyone come across this issue and found a risk free solution ? Or does
anyone accept such a risk on the basis that e.g. safer to lose an apparently
blank device  with a few fairly low level personal documents rather than a
briefcase full of originals / photocopies.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^