The Information Commissioner's Office (ICO) has recently taken a hard-line
approach with organisations that lose personal data, imposing
significant fines as well as adopting a policy of “naming and shaming”.
So here is a sobering thought. If you lose a
portable device that contains personal data and is not protected by
encryption and a password, and somebody complains to the ICO, the Directors of your organisation will be
held liable.
Most office networks are securely isolated from the Internet.
However, it is increasingly common to hold data on portable
computers, mobile phones, “memory sticks” and even MP3 players.
The more sensitive the information you handle, the more likely this
is to become an issue. If you store your clients’ financial or medical
data, then you really need to be taking action fast. But do remember
that, at least as far as the Data Protection Act is concerned,
employees are people too, and information such as performance reports,
salaries, sickness records and even expenses claims is
considered personal data.
The Information Commissioner has stated that personal data MUST be
protected by encryption when in transit. Be aware that Windows Vista (and 7)
include features to encrypt the entire hard disk of a portable.
Windows XP, on the other hand, requires additional encryption software.
Recent generations of portable devices (such as phones and PDAs)
possess the ability to encrypt data, but some do not. If you have
your email delivered to your mobile phone, then you must seriously
consider what information you should be handling via email. At the very
least, you should enable a PIN or password to prevent the device from
being readily accessed if lost, although this falls short of the ICO’s
stated requirements.
Facilities to allow the remote control of an office-based system
have been included in Windows for the last 7 years. This technology just sends
keyboard, mouse and screen information over the Internet (in an
encrypted form) and leaves the data within your office network. This
approach provides the best security and minimises the risk of data
being corrupted by a poor connection, but it does require an active
Internet connection.