Encrypting Paper Records
The Risk
Despite the rapid growth of digital systems and their adoption by organisations or all types and sizes, it seems that we are still unable to move away from paper based records. For example, legal case files are still in the main a collection of paper records from various sources, often containing personal and sensitive information.
These paper based records are still with us for the very good reason that they can be picked up and taken with you to continue working on the train, from home or on a client site. However, this is exactly where the weakness lies, the ability to easily pick the file up makes it vulnerable to loss or theft, the result of which, under current legislation is not limited to embarrassment but stretches to sizeable fines. An example of this is detailed at the end of this page. Please click here to contact us for further information.
The Solution
To enable a mobile workforce so that they have the tools and information at their fingertips, regardless of location, whilst maintaining an acceptable level of security can be achieved by simply converting paper based records to electronic records. These electronic records are then encrypted and stored on highly secure servers allowing remote access from internet enabled devices. Data is encrypted during storage and transmission, ensuring security.
Restrictions can be implemented to ensure that employees can only access records to which they have been granted the necessary access rights and limits can be put in place to prevent printing and distribution. New documents can be added as required to maintain the complete picture of a particular case or file. Please click here to contact us for further information.
Please see our Castrum page for additional information or contact us on 0800 371212 to discuss our data management and protection services.
Council Fined £70,000 for losing highly sensitive data
The London Borough of Barnet has been issued with a penalty of £70,000 for losing paper records containing highly sensitive and confidential information, including the names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people.
The loss occurred when a social worker took the paper records home to work on them out of hours. The social worker’s home was burgled in April last year, and a laptop bag, containing the records and an encrypted computer, was stolen.
The ICO’s investigation found that the council failed to take appropriate organisational measures against the accidental loss of personal data held on paper records. Although the council had an information security policy and some guidance for staff on handling sensitive papers, the measures failed to explain how the information should be kept secure.
The penalty comes after the council signed an undertaking in June 2010 following an earlier incident, during which an unencrypted device containing personal data was stolen from an employee’s home. While the council later introduced a paper handling policy following the undertaking, this policy was not in place at the time of the second loss.
Simon Entwisle, the ICO’s Director of Operations, said:
“The potential for damage and distress in this case is obvious. It is therefore extremely disappointing the council had not put in place sufficient measures in time to avoid this second loss.
“While we are pleased that Barnet Council has now taken action to keep the personal data they use secure, it is vitally important that organisations have the correct guidance in place to keep sensitive paper records taken outside of the office safe. This includes storing papers containing sensitive information separately from laptops.”
Please complete the form below to contact us for further information.
