Does a VPN have Data Protection implications?
In my view, as long as the VPN is set up properly it is far preferable to
transporting data back and forth on a laptop or USB stick. There is far
less chance of the data going astray in transit, and since the data is
always held on the remote server there is no need to synchronise different
versions. So a VPN helps you to tick boxes under Principles 4 and 7.
The key thing is to ensure that the authentication at the remote end is
robust. In other words your setup must not permit username and password to
be 'remembered' by the remote machine, and if the data is highly
confidential then additional security such as fingerprint recognition or
two-factor log-in using a token of some kind may be appropriate.
You also need to train the users not to print out confidential material at
home and leave it on the kitchen table for all and sundry to read. But
that's no different from people taking paper copies home in their briefcase
and reading them in full view on the train (person sitting opposite me the
other day reading documents clearly stamped 'confidential' on every page,
please take note).
Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: "Simon Howarth" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, March 19, 2012 3:09 PM
Subject: Re: Working from home DP clauses in policies
You have a point. Although I would say that risk is inherent in any access
to information, regardless of method. It's the acceptable level of risk that
is the key.
VPN's, remote access - call it what you will, will always have risks
associated with inappropriate disclosure and it is a constant source of
navel gazing as to how it is managed and what is acceptable or not. It's all
about balancing the need to be able to "get on and do it" with protection of
the information.
Whilst I could provide some older examples of homeworking and working from
home policies., I suspect there are more recent examples. However, let me
know if older examples are of interest.
I would say as well, that "homeworking" is different to "working from home"
and the two should not be confused as they attract different risk areas and
pressure points.
Simon Howarth MBCS CITP
www.informationedge.co.uk
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Trevor Pearce
Sent: 15 March 2012 14:49
To: [log in to unmask]
Subject: Re: [data-protection] Working from home DP clauses in policies
At the risk of providing several answers that don't help with the original
question - I have often idly wondered how Virtual Private Networks fit in
with data protection requirements. Access to VPN often gives users access to
sensitive personal data from their home PC; does this place users at risk?
--
From: Trevor Pearce
Deputy Academic Registrar (Academic Services)
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Macauley
Sent: 15 March 2012 14:45
To: [log in to unmask]
Subject: Re: [data-protection] Working from home DP clauses in policies
I would be interested in this as well, from the point of view of teachers
working on student data at home Si
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Michelle Peel
Sent: 12 March 2012 14:21
To: [log in to unmask]
Subject: [data-protection] Working from home DP clauses in policies
Hi,
Request for my Local Authority colleagues - would anyone be willing to share
their organisation's policies on working from home with personal client data
please? Particularly for social workers taking files home to work on. Either
social care specific or corporate policies - anything would help as I am
wanting to build a picture of working practice to go alongside the legal
requirements of the DPA to put to our management team.
Many thanks,
Michelle Peel
CYPS Information Governance Officer
Trafford Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|