This extraordinary video of a man literally blending everything from iPads to entire cars, reminded me about data safety, especially on mobile devices. How often have you done your work emails from your mobile phone or iPad whilst on the go? More importantly, how often have you lost your phone or just thought you had for a few heart stopping minutes?
From a legal point of view, you may not realize that you could be facing a fine of up to £500,000 from the Information Commissioner, the man who enforces the Data Protection Act! He has formed the view that in future, where such losses occur and where encryption software has not been used by a business to protect the data, he may come after you!
The Information Commissioner’s Office recommends:
1. Portable and mobile devices including magnetic media, used to store and transmit personal information, the loss of which could cause damage or distress to individuals, should be protected using approved encryption software which is designed to guard against the compromise of information.
2. Personal information, which is stored, transmitted or processed in information, communication and technical infrastructures, should also be managed and protected in accordance with the organisation’s security policy and using best practice methodologies such as using the International Standard 27001. Further information can be found at 27001-online.com.
So what should you do now? Get to grips with encryption!
There are a number of different commercial options available to protect stored information on mobile and static devices and in transmission, such as across the internet. Best place to start your research is the government and business sponsored website getsafeonline.org.
What is ‘encryption’ exactly? Encryption software uses a complex series of embedded mathematical algorithms to protect and encrypt information. This process hides the data and prevents any inadvertent access or unauthorised disclosure of information. Since encryption standards are always evolving, it is recommended that data controllers ensure that any solution which is implemented, meets the current standard such as the recommended FIPS 140-2 (cryptographic modules, software and hardware) and FIPS – 197. Encryption products certified via CESG’s CPA or CAPS schemes to at least FOUNDATION grade would also meet the current standard.
Good luck and stay away from Mr Blender!!