I think we are in danger of getting hung up unnecessarily on encryption.
Whilst encryption is a fantastic way of securing data in transit (USB sticks can be bought with encryption
methodologies on them), it's not just about encryption per se.
We need to be thinking about ensuring that Information Security Policies accurately cover the requirements of
organisations' needs. Education of staff in information privacy is woefully lacking in so many organisations, both
public and private and the level buy-in of senior management is similarly low.
What is required is a top-down approach which encompasses all possible transfer methods and build robust procedures
for the sharing of personal information that is commensurate with the risk associated with loss.
Data sharing agreements can also help as it's not just about data getting lost in transit, it's what happens when
Gov Dept. A provides confidential data to private organisation B (legitimately) and no one thought to ask
Organisation B what its procedures are, and so that information is then distributed onwards - believe me, this is a
real threat. Whilst DS agreements are not the be all and end all, well written and implemented they close off one
avenue of "abuse".
This is a fantastic opportunity to review data sharing and information/records management as a whole and get senior
management buy-in to this issue. Certainly I have advised my clients (both government and private), to review their
processes (if they haven't already) and engage directors/senior people in discussion about priorities regarding
confidential information management.
Simon Howarth.
The Information Edge
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|