Audit, Data Protection, Encryption & Fines
Ive had my office managers come back from their forum meeting and our new worry is Audit, Data Protection, Encryption & Fines.
I have a huge task ahead of implementing whole disk encryption on laptops, buying in more encrypted memory sticks and ensuring our APUs reflect the new requirements.
Ok so it will take time and some money but the biggest issue to come out of it is how we as individuals as well as the school can be fined for failing to encrypt our data (someone even said inprisonment but how true that is I dont know).
I want to know how they are going to enforce these fines and even if I should personally accept my own AUP im writing that will allow them to fine us in the first place!
Baring in mind the requirements are any data that has 2 items of personal identification on them, so thats a childs name and school or a childs name and parental contact details, school reports and everything like that.
I am all for taking responsibility for our data but this seems like a way over the top kneejerk reaction that will be difficult to police and a nightmare to manage.
Does anyone have any further info they can relay back or have any guideance on best ways to implement and sustain staffwide encryption?