e-Safety Thread, DPA/Encrypting USB Pens in School Administration; HI.
Just received a phone-call from probrand telling me that the DPA will be insisting any USB pens with school ...
5th October 2010, 10:08 AM #1
- Rep Power
DPA/Encrypting USB Pens
Just received a phone-call from probrand telling me that the DPA will be insisting any USB pens with school data are encrypted. Anyone else heard about this?
6th October 2010, 07:37 PM #2
If they said that word for word its not quiet the best wording I would say. If you are to take confidential data off school site it must be encrypted, and by far the easiest way is on a Hardware Encrypted USB Flash Drive, of which Proband are the cheapest supplier for SafeSticks around (trust me I have looked in MANY places and they are the cheapest). Cheaper one are often just software encryption which was show recently how easily it can be broken so a SafeStick is a hardware encryption stick so doesn't suffer from that bug.
The BECTA site had some great packs of info on encryption stuff for people to read, lots of You should dos which you should really read as MUST as if you don't do it fine they you won't get murdered, BUT when you do loose some data you will be murdered by the ICO and maybe your LA. Our LA was rather specific saying you MUST use Encrypted USB Drives, Laptops, Files etc if you are taking data off-site, emailing it off-site etc....
This is the BECTA link which has lots of documents on it which I would advise you download and keep so you have them and obviously read them
Becta Schools - Leadership and management - Security - Data handling security guidance for schools
6th October 2010, 08:27 PM #3
Worth noting that the text of the Data Protection Act does not require any particular method of protecting data, including encryption - it just requires that you protect it using "appropriate technical and organisational measures". What those exact measures are is open to interpretation.
As john has stated, BECTA's guiidance strongly advises encryption, as does pretty much anyone with their head screwed on, and LAs may require it... but to say that the DPA itself requires encryption is simply untrue.
6th October 2010, 09:46 PM #4
AngryTechnician and John are spot on ... the technical answer is to hardware encrypt ... the procedural answer is to have a policy which says not to stick it on an unencrypted USB stick and take it off-site.
It is a sales pitch based on some facts ... but still a sales pitch.
6th October 2010, 10:16 PM #5
If you have Windows 7, you can enforce bittlocker encryption on USB devices, the downside of this is that it's a computer and not a per user policy, so you'd have to enable it for everyone, including students :S
6th October 2010, 10:25 PM #6
Also it renders the device read-only on any non-Windows 7 machine.
Originally Posted by DrCheese
25th March 2011, 10:29 AM #7
- Rep Power
I have a USB stick I use with school stuff on it. Files I may need (patches, compatibility packs, etc). I also have PIPS and EProfile data on there.
The sensitive data is stored in hidden truecrypt volumes using the Serpent-Twofish_AES encryption algorythm.
Is this ok or should I be storing stuff on a hardware encrypted stick?
25th March 2011, 04:01 PM #8
From what I've seen of some of the hardware encrypted sticks, what you're doing with TrueCrypt is far more secure.
By jamin100 in forum How do you do....it?
Last Post: 9th June 2009, 11:13 PM
Last Post: 4th September 2008, 05:47 PM
By BKGarry in forum Windows
Last Post: 17th July 2008, 10:19 AM
By Ravening_Wolf in forum Thin Client and Virtual Machines
Last Post: 19th March 2008, 12:25 PM
By alan-d in forum Recommended Suppliers
Last Post: 18th June 2007, 07:47 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)