Encryption - humans miss the point!
© E Wells 2020, used with permission


Encryption is a great way to protect data confidentiality, but getting people to use it properly is harder than you would believe.

I'm talking about a lack of understanding of the very basic basics, things most people would think are obvious common sense. So it's no wonder that securing personal data and other data properly in practice is such a challenge.

Just three examples:

  • London law firm - I agree a password with them by phone. I email them draft encrypted Word documents, to be opened using that password. They email me back the redrafts - without ANY encryption whatsoever. If the document is confidential enough to be encrypted before being emailed to them, why would they think that they needn't encrypt the redraft that they send back to me?!
  • Financial adviser - I agree a password with them in person. I email them encrypted PDF documents, to be opened using that password. I ask them to email me some follow-up documents, encrypted but to be opened using the same password. They say they no longer have the password, as they discarded it right after opening the documents I sent them!
  • Medical firm - I agree a password with them by phone. I email them encrypted PDF documents, to be opened using that password. They email me an encrypted Word document with health data. But, in their very next email, they send me the password to open that Word document - which is completely different from the password I had agreed with them by phone! I query that. They say: "Oh, you didn't say that the password was for us to send you documents too, not just for you to send us documents!" Yes, it was a healthcare firm, and yes, it was clearly subject to GDPR.

Tearing my hair out here. If documents containing personal data or other private or confidential information are to be encrypted before being emailed, then surely they should be encrypted for emails going BOTH ways, with the password exchanged securely in person or by phone (NOT by email, and certainly not in the same email chain as the encrypted document) and the agreed password securely stored by both sides so it can be reused. Otherwise, what's the point, really?

Data protection training may need to be expanded to cover even these very basic basics... It's no wonder secure online file upload services are doing well - although the way some of these are being used, don't get me started!


More articles by Dr W Kuan Hon

  • Action after the GDPR 2-yr report? (what's NOT in the report but tucked away)
  • Processor - not processor? Covid-19 testing privacy notice
  • Loo roll song - Beatles parody!
  • Don't walk so close to me!
  • Data localisation - now webinar / video
  • COVID-19: missing UK info
  • Data localization / transfers - BCS session 23 Mar
  • Doctor Who - and data protection
  • Data localization book - new review
  • The archiving risk - €14.5m fine in Germany
