+ Post New Thread
Results 1 to 8 of 8
e-Safety Thread, DPA/Encrypting USB Pens in School Administration; HI. Just received a phone-call from probrand telling me that the DPA will be insisting any USB pens with school ...
  1. #1

    Join Date
    Sep 2010
    Posts
    29
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    DPA/Encrypting USB Pens

    HI.

    Just received a phone-call from probrand telling me that the DPA will be insisting any USB pens with school data are encrypted. Anyone else heard about this?

  2. #2

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,488
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301
    If they said that word for word its not quiet the best wording I would say. If you are to take confidential data off school site it must be encrypted, and by far the easiest way is on a Hardware Encrypted USB Flash Drive, of which Proband are the cheapest supplier for SafeSticks around (trust me I have looked in MANY places and they are the cheapest). Cheaper one are often just software encryption which was show recently how easily it can be broken so a SafeStick is a hardware encryption stick so doesn't suffer from that bug.

    The BECTA site had some great packs of info on encryption stuff for people to read, lots of You should dos which you should really read as MUST as if you don't do it fine they you won't get murdered, BUT when you do loose some data you will be murdered by the ICO and maybe your LA. Our LA was rather specific saying you MUST use Encrypted USB Drives, Laptops, Files etc if you are taking data off-site, emailing it off-site etc....

    This is the BECTA link which has lots of documents on it which I would advise you download and keep so you have them and obviously read them

    Becta Schools - Leadership and management - Security - Data handling security guidance for schools

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,210 Times in 761 Posts
    Rep Power
    394
    Worth noting that the text of the Data Protection Act does not require any particular method of protecting data, including encryption - it just requires that you protect it using "appropriate technical and organisational measures". What those exact measures are is open to interpretation.

    As john has stated, BECTA's guiidance strongly advises encryption, as does pretty much anyone with their head screwed on, and LAs may require it... but to say that the DPA itself requires encryption is simply untrue.

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,922
    Thank Post
    1,332
    Thanked 1,774 Times in 1,101 Posts
    Blog Entries
    19
    Rep Power
    593
    AngryTechnician and John are spot on ... the technical answer is to hardware encrypt ... the procedural answer is to have a policy which says not to stick it on an unencrypted USB stick and take it off-site.

    It is a sales pitch based on some facts ... but still a sales pitch.

  5. #5
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,023
    Thank Post
    97
    Thanked 158 Times in 107 Posts
    Rep Power
    58
    If you have Windows 7, you can enforce bittlocker encryption on USB devices, the downside of this is that it's a computer and not a per user policy, so you'd have to enable it for everyone, including students :S

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,210 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by DrCheese View Post
    the downside of this is that it's a computer and not a per user policy, so you'd have to enable it for everyone, including students :S
    Also it renders the device read-only on any non-Windows 7 machine.

  7. #7

    Join Date
    Sep 2007
    Location
    Bridlington
    Posts
    46
    Thank Post
    0
    Thanked 5 Times in 3 Posts
    Rep Power
    14
    I have a USB stick I use with school stuff on it. Files I may need (patches, compatibility packs, etc). I also have PIPS and EProfile data on there.

    The sensitive data is stored in hidden truecrypt volumes using the Serpent-Twofish_AES encryption algorythm.

    Is this ok or should I be storing stuff on a hardware encrypted stick?

  8. #8

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,210 Times in 761 Posts
    Rep Power
    394
    From what I've seen of some of the hardware encrypted sticks, what you're doing with TrueCrypt is far more secure.

SHARE:
+ Post New Thread

Similar Threads

  1. Encrypting Laptops/USB drives
    By jamin100 in forum How do you do....it?
    Replies: 10
    Last Post: 9th June 2009, 11:13 PM
  2. Replies: 13
    Last Post: 4th September 2008, 05:47 PM
  3. 4GB USB Pens
    By BKGarry in forum Windows
    Replies: 24
    Last Post: 17th July 2008, 10:19 AM
  4. USB data pens?
    By Ravening_Wolf in forum Thin Client and Virtual Machines
    Replies: 7
    Last Post: 19th March 2008, 12:25 PM
  5. USB Pens
    By alan-d in forum Recommended Suppliers
    Replies: 13
    Last Post: 18th June 2007, 07:47 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •