The ICO have brought out more information about Encryption.
Their information covers areas like:
- What is encryption?
- When should you use encryption?
- Other considerations
Here’s a really good example, taken and amended from the ICO website.
A case management company issues laptops to their employees together with secure storage lockers for use at home. However, there is still the risk of loss or theft of the devices (e.g. whilst being used outside of the office, visiting clients in the home or at MDT meetings).
To help tackle this risk, the case management company requires all data stored on laptops to be encrypted or saved on the cloud. This should substantially reduce the chance of unauthorised or unlawful processing of the data in the event of theft or loss.
They do recommend having a policy governing the use of encryption if you have a team as part of your company.
As an example, guidelines for sending emails containing sensitive health information on clients. Making sure it’s always encrypted and remembering that mobile devices also should be encrypted and with highly secure passwords.
NHS Digital have a good information on data and cyber security protecting information.
Their guidance information covers:
- Assessing the type of encryption for the data and information on devices and communication links
- assessing the right level for the data and information on devices and communication links
- protecting data in relation to its classification / sensitivity.
- managing the encryption systems
To find out more please visit the ICO website.