A LAPTOP containing personal details of scores of NHS patients is one of nearly 200 computers either stolen or missing from public bodies in the Lothians. The computer held "extensive" data on the psychiatric and personal histories of participants in a medical study, as well as information on whether they had suffered physical or sexual abuse. Edinburgh Evening News, 25 February 2008 Patients’ medical histories stored on stolen laptop
University Policy on the Storage, Transmission and Use of Personal Data and Sensitive Business Information Out With the University Environment Medium and high risk personal data or business information must be encrypted if it leaves the University environment Staff/DPstaff/EncryptionPolicy.htm
Key Principles 1.Avoid downloading personal data 2.Anonymise 3.Use secure shared drive 4.Use remote access facilities 5.If cannot avoid using a mobile device, encrypt
Key Principles 6.Do not use personal equipment 7.Avoid Encrypt Indicate content in title 8.Do not use in public places 9.Take physical security measures 10.Compile and apply retention schedules
What do you need to do? Comply with policy Follow guidance Use recommended USB stick Encrypt laptops Take sensible precautions –Passwords, autolocking –Log out –Destroy, don’t recycle –Know your software services/services/computing/desktop-personal/encryption