Additionally, when considering the issue of principle 8, one thing I discovered a while ago is that safe harbour only covers a very small number of organisations, and even the ones it does cover, when they re-register, self-certify in relation to their security and safety controls for data held.

As such, Dropbox is something I have, from a personal (never had to consider it professionally) perspective, always advised against using if there is any level of personal data involved.

Yudit Collard Treml 
Guidance and Training Manager 
20 year Rule Team
and Deputy Data Protection Officer
Tel: + 44 (0)20 8392 5330 ext 2552
The National Archives, Kew, Richmond, Surrey, TW9 4DU 
www.nationalarchives.gov.uk 

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Grimbaldus
Sent: 21 January 2013 04:05
To: [log in to unmask]
Subject: Re: [data-protection] DPA compliance and "Dropbox"

In June 2011, Dropbox suffered a severe security failure that exposed the data of some 25 million users to the possibility of abuse.

Even in the past 100 days or so there have been reports of data being lost while synchronising files on Dropbox. 

M

Sent from my iPad

On 20 Jan 2013, at 05:09, Simon Howarth <[log in to unmask]> wrote:

> My understanding is that Dropbox uses US servers which are subject to a Safe Harbour agreement. I am not sure who it is with and the nitty gritty. I read somewhere that they were servers owned by Amazon?
> 
> However, being a user of Dropbox in the past I would not allow it to be used to store personal or sensitive personal data or to be used to transfer such without extra safeguards being in place. I used it for non-confidential data transfer (on a personal basis only).
> 
> Dropbox seems as secure as could be reasonably expected, but I would need to look into its functioning a lot deeper before I made any decision that would be subject to the DPA. On the face of it though it does tick a lot of boxes.
> 
> Depending on what you were transferring, then using Dropbox with an extra encrypted container would provide the assurances you probably need. A popular choice is TrueCrypt (which I again use). This would mean that you were placing an encrypted file into Dropbox, providing an extra layer of security around your transportation of data.
> 
> One thing that you need to carefully consider is why you need it? If it is to send an occasional spreadsheet to another party that contains a smattering of potentially identifiable information then that is one thing. If you are thinking of using a free product to enable all staff in an organisation to transfer confidential and personal information then I would suggest you need to research the possible options carefully. Interestingly, Dropbox offer a commercial product, but I have no experience of this - I suspect they will have flowery prose around compliance though.
> 
> Finally, don't forget your IT department, they can probably help with advice on the technical aspects of products you are considering. Those IT Chimps have their uses.
> 
> Probably not much of an answer for you - sorry.
> 
> Simon. 
> 
> 
> 
> Simon Howarth
> www.informationedge.co.uk
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>     If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask] All user 
> commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
>              [log in to unmask]
>  Full help Desk - please email [log in to unmask] describing your needs
>        To receive these emails in HTML format send the command:
>         SET data-protection HTML to [log in to unmask]
>   (all commands go to [log in to unmask] not the list please)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
