in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

UK Health Data Encryption: Cardiff & Vale University Signs Undertaking With ICO

An Undertaking was recently issued by the UK's Information Commissioner's Office (ICO) to Cardiff and Vale University Health Board.  The Undertaking is the climax of a medical data breach that was reported in November 2012, the event set off by the loss of a psychiatrist's bag from his bicycle.  The first time that I came across the story, everything seemed bucolic: bicycle, bag, CV's...no mention of computer hardware anywhere.  It sounded like one of those events where medical data disk encryption like AlertBoot would be out of place.

But then again, maybe not.

ICO Inquires About Encryption

Perhaps I'm reading too much into it, but this paragraph stood out to me (emphasis mine):
The ICO was informed about the breach on 26 November 2012 and upon contacting the health board was informed that alternative means of transporting the data, such as the use of an encrypted portable device, or remote server access was available. However these options had not been clearly communicated to staff and the staff member involved had not received training at the time of the incident.
Now, why would the ICO be inquiring about disks with encryption or remote server accessibility?  The implication appears to be that a digital device – a laptop computer, a USB flash memory device, an external hard disk drive, or perhaps even a CD or DVD – was involved.  I mean, if the ICO is asking for cryptographic solutions for paper documents, well, they're really overreaching.  Encryption software is one of the easiest ways of securing sensitive data, but only because computers have come a long way.  Cryptographically securing paper documents – I wouldn't wish that on my worst enemies.

On the other hand, check out this quote from ICO Assistant Commissioner Anne Jones (emphasis mine):
This data breach was entirely avoidable. Having measures in place to keep information secure only works if staff are properly informed of those measures. Staff should not be carrying round sensitive papers because they’re unaware they can remotely access a secure network.
Could it really be?  Is the ICO honestly suggesting that people should choose electronic formats over paper documents when it comes to sensitive data?  Me thinks that this is actually a scathing commentary on properly educating and training staff, and not criticism on paper itself.

However, that is one of heck of a quote.  I can only hope that Ms. Jones was being quoted out of context.

Related Articles and Sites:
http://www.ico.org.uk/news/latest_news/2013/medical-records-lost-on-bike-ride-home-04102013
http://www.phiprivacy.net/uk-cardiff-vale-university-health-board-sign-undertaking-with-ico-after-loss-of-consulting-psychiatrists-rucksack-with-sensitive-documents/

 
<Previous Next>

Canada Data Breach Encryption: Region Of Peel Announces Patient Data Breach

UK BYOD: ICO Issues Undertaking To Royal Veterinary College After Camera Mishap

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.