Thursday, November 15, 2007

Memory Stick Madness

Since today is day one of the new blog, I felt I needed at least two major contributions to start it off right. This, however, is from the Edmonton Sun Newspaper, by Kevin Crush.

This one, well it might as well be an advertisement for all the encryption companies with removable media encryption solutions -- like Utimaco's SGRM solution (shameless plug) :)

Large organizations have to get better at keeping people's information private, says Alberta's privacy commissioner. "I'm sort of laughing, but I don't know what else to do at this point. It is just very, very frustrating," said Alberta Information and Privacy Commissioner Frank Work.

"We just have to recognize that portables go missing. We had at least four (Capital Health) laptops go missing, and on the weekend we had a memory stick go missing. It's reaching epidemic proportions and I don't know what the answer is."

Yesterday, Work released his report into the theft of four Capital Health laptops last August - one containing 20,000 patient names, health card numbers, addresses and reasons for admittance into the hospital.

Work found that Capital Health did not properly safeguard the information and gave several recommendations for the health authority to better protect people's privacy, including physically securing portable devices, having a valid reason to store health information on portable devices in the first place, and, Work emphasized, to encrypt the information.

"The equation - and we keep hammering at this - the equation is personal information plus a portable equals encryption," said Work.

Capital Health agreed to all of the commissioner's recommendations and was already working on what the next steps would be when they first reported the theft to the commissioner, said spokesman Steve Buick.

For the past year, Capital Health has been working on getting an encryption program set up and hopes to have it ready by January.

"Encryption is the right thing to do," said Buick.

"We've been working at it for a year. It's a very big exercise and we totally sympathize with the commissioner's concerns of the time it takes for big organizations to get it in place."

He noted it takes longer for big organizations to set up encryption programs than it would for a home computer user because of the massive size of the health authority and how complex the information flow is.

Buick said Capital Health is also working on increasing file storage space so less information would be stored on portable devices.

Capital Health will not face any sanctions for the privacy breach. Work said Alberta's laws do not allow for any sort of sanctions but only give him the authority to make recommendations.
