[GRLUG] Data on portable media

Douglas Rehfeldt drehfeldtusa at gmail.com
Thu Nov 29 13:51:11 EST 2007


The statement "but now we're replacing about 1 a month due to lost items"
got me thinking.  Mmm, I would guess that there are some HIPAA requirements
related to this data.  Encryption might not just be an option.  

An organization is charged with securing confidential information. It can be
held negligent if it does not take "reasonable steps" to protect the
information.  Consider a jury trial involving a negligence lawsuit: would
the jurors consider allowing thumb drives without encryption or a secured
file system a reasonable action by an organization charged with securing
their private information? I'm not a lawyer, but if I were a juror for a
HIPAA-type organization on trial, it would be difficult to convince me that
the organization wasn't negligent given the technology and security controls
available today.  Then again, I'm not a lawyer.


