Clare,
I would always advise the encryption of personal/sensitive information when
sent via email, even to a supposedly secure network (e.g. nhs.net to
pnn.police.uk). The transfer may be secure in the example, but it does not
preclude the corporate idiot forwarding the message on accidentally to an
inappropriate recipient. At least if the substantive data is encrypted, then
there is an added level of security.
In terms of encryption behind a firewall, I would NOT recommend encrypting
information held on a corporate network so long as there are proper access
controls and security in place. The main reason for this is that someone
will have to hold the encryption key and I have had to deal with instances
(very often) where a file or files have been encrypted and people have moved
on taking the knowledge of the key with them. Or even that they have just
forgotten the password. This means that potentially critical business files
are rendered useless. Never encrypt your "master" copy of the data unless
you have robust key management processes in place or there is another
overriding business reason - and even then, get key management in place.
Proper access control should allow information to be available only to those
that have the authority to see it without the need for encryption.
Encryption is more and more being seen as a panacea for security, but it is
just another (albeit very powerful) tool in an armoury of things that
responsible organisations should be using to ensure compliance with
information privacy legislation and guidelines.
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Clare Watts
Sent: 29 January 2009 09:00
To: [log in to unmask]
Subject: [data-protection] Encryption within your Firewall
Dear list members,
I was hoping to conduct a mini benchmark of any financial organisational
members on the list.
I'm interested in knowing how many of you have encryption set up within your
firewall for the transfer and storage of Personal Data.
In addition, I'd like to know how many of you as Data Privacy Practitioners
believe you should have this protection in place.
I am familiar with the arguments for and against in terms of the low risk of
external interception versus the fact that those with access internally
generally already being entitled to the data in the first place etc. etc., but
any guidance issued on this subject would also be welcome as I may have missed
something.
Regards,
Clare Watts
DPO - FCE Bank Plc
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^