Shaheen N Abdul Jabbar

Posts Tagged ‘Encryption’

How Stuff Works.com has put up a great tutorial in layman’s language on how VPN work – http://computer.howstuffworks.com/vpn.htm

Have you ever thought about your medical records ending up in USB keys, CDs or DVDs? Well thats what happens when your medical record is subject to a medical research. Information collected on your disease are saved in a repository for understanding trends and behaviours. This include your medical history and type of medication taken.

Some countries do have statutory requirements to protect personal identifiable information, however the custodians of such data does not care where they end. Clinical Researchers and Physicians are not aware of the ramifications due to loss of such information. Often such records are handled by under paid research assistants who are concerned more on the delivery of the end results of their research rather than the security of such records.

Your medical records are stored in-clear in the laptops, USB storage devices and in the email applications such as Gmail, Yahoo Mail and Hotmail -they are not encrypted.

It should be made mandatory on all custodians of such data to encrypt or obfuscate so that the records cannot be traced back to an individual in case they are stolen.

Should I be concerned that someone had already  dissected my health information and is operating on it? May be! So much for the great excel application from Microsoft!

Very frequently, we hear news of stolen laptops that contains sensitive information which could potentially be anything from Personal Identifiable Information (PII) to corporate intellectual information.  The latest being the news in Canada that a consultant for the Provincial Public Health Laboratory lost a laptop that includes names, Medical Care Plan numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis.

So how do we protect ourselves? Well, there is no hard and fast solution. However, we can be proactive.

First and the foremost, we need to be aware of the information that we carry along with us. If there is any information that is potentially sensitive, then it needs to be encrypted. There are various solutions in the market. Vendors such as RSA Security, Entrust, Pointsec and PGP are some of the major players in this arena.

Some solutions do not force the user to encrypt a data and is at the discretion of the laptop user. However others force you to do so. The latter ones are better if you know most of the information you carry are not for the public.

In any case, it would be good, if you do not advertise to the world that you are carrying a laptop. Remember those executive bags that we carry around, that tell the whole world that you have a laptop. Moreover, carry a laptop lock wherever you go. Some prefer the keyed ones, others the number locks. Either is fine as long as it prevents your laptop to be snatched away.

When you travel on business, try not to advertise the world that you belong to well known corporations. Remember those in-flight conversations that you have with your colleagues? That would help someone to follow you after the flight!