Laptop Thefts - Again!

Alberta's Privacy Commissioner, Frank Work, is the second Canadian privacy commissioner to demand the encryption of personal health information on laptop computers following the theft of four laptop computers from a Capital Health facility. From the OIPC press release:

"The investigation outlines the following steps that must be taken to protect health information stored on a mobile device in order to meet requirements of the HIA:

• There must be policies and procedures that users are aware of and educated on that guide proper use of the device,
• Reasonable steps must be taken to physically secure the device,
• There must be a business need to store health information on the device,
• The device must be password protected, and
• Health information stored on the device must be protected by properly implemented encryption."