AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


Drive Encryption Software: Canada's PHIPA Requires The Use Of Encryption On Mobile Health Data

The Durham data breach from last week (and reported earlier this week) has been met with incredulity by the Ontario Information and Privacy Commissioner.  A directive to use data encryption has been issued, prohibiting the transfer of sensitive data if encryption is not used.

As you'll recall, the loss of a USB key meant the breach of 83,000 patients who had received flu shots in the Durham Region.

PHIPA 2007

The Commissioner has pointed out that the Personal Health Information Protection Act (PHIPA), passed in 2007 expressly for Ontario, directs that "health information custodians not...transport personal health information on laptops or other mobile computing devices unless the information was encrypted."

You'll notice that this implies PHIPA is much stricter than PIPEDA when it comes to the encryption of sensitive data.  While, per the above, PHIPA requires the use of encryption, PIPEDA, under 4.7.3 (c), only seems to recommend it: "the method of protection should include..." is how it reads, and "should include" is not the same as "must include".

What To Do If You're Not In Compliance In Ontario

The easy answer--perhaps even flippant--is to go ahead and encrypt your laptops and other portable devices that contain sensitive data (such as external hard disk drives).  Granted, depending on the solution used, you may have to wait for someone to visit you after you sign up for the service (but not so in other cases).

But if you must really, really transport those unencrypted sensitive files using something like a USB memory stick, the Commissioner has "advised that any unencrypted personal health information that needs to be transported, must be in the physical possession of the person responsible, at all times, until it reaches its secure location. This is only an interim measure until full encryption processes can be put into place."

Hold on to that thing really, really tight.  Or, you could just set yourself up with encryption right away.

Related Articles and Sites:
http://www.phiprivacy.net/?p=1716
http://laws.justice.gc.ca/en/P-8.6/FullText.html

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.