Thursday, November 15, 2007

Laptop Thefts - Again!

Alberta's Privacy Commissioner, Frank Work, is the second Canadian privacy commissioner to demand the encryption of personal health information on laptop computers following the theft of four laptop computers from a Capital Health facility. From the OIPC press release:

"The investigation outlines the following steps that must be taken to protect health information stored on a mobile device in order to meet requirements of the HIA:
  • There must be policies and procedures that users are aware of and educated on that guide proper use of the device,
  • Reasonable steps must be taken to physically secure the device,
  • There must be a business need to store health information on the device,
  • The device must be password protected, and
  • Health information stored on the device must be protected by properly implemented encryption."

No comments: