Does a database fit on a USB stick? Yep, and it can be lost in the mail, too. It's for reasons like this that USB sticks need to be protected with some kind of encryption software, be it full disk encryption or file encryption.
The Shropshire Council in the UK was found in violation of the Data Protection Act. They had lost, in the mail, a memory stick with the information of 3,554 clients and 188 staff members. The reason for the extensive breach was twofold: the use of encryption was passed over, and the device "contained records that were excessive for their purpose and out of date." In other words, the council kept information they should have deleted. Often times, it's this type of wait-and-see attitude (hey, we might need those records some day!...even if the law says we don't!) that makes bad things worse. I've got to admit, though, that in lawsuit-happy countries like the US, this attitude is somewhat required (thank goodness for statutes of limitation...although that doesn't really prevent someone from filing a lawsuit).
The Shropshire Council in the UK was found in violation of the Data Protection Act. They had lost, in the mail, a memory stick with the information of 3,554 clients and 188 staff members. The reason for the extensive breach was twofold: the use of encryption was passed over, and the device "contained records that were excessive for their purpose and out of date."
In other words, the council kept information they should have deleted. Often times, it's this type of wait-and-see attitude (hey, we might need those records some day!...even if the law says we don't!) that makes bad things worse.
I've got to admit, though, that in lawsuit-happy countries like the US, this attitude is somewhat required (thank goodness for statutes of limitation...although that doesn't really prevent someone from filing a lawsuit).
If you can't delete the info (or at least, think you can't), then encryption may be the solution for you. Data encryption was designed to protect information from prying eyes. File encryption is used to protect individual files. For example, if you've got two documents on your computer, and you use file encryption on one of them only, only that file is protected. The other, copied to a USB disk, would still be accessible by anyone. Contrast this with something like drive encryption from AlertBoot, which encrypts the entire drive, be it on a USB flashdrive, external portable drive, or a laptop computer. In that case, any documents saved on the device itself would be protected. (Although, if you copy it off to another device, then the document wouldn't be protected anymore.) One thing to note is that these two are not an "either-or" product. You can use both drive encryption and file encryption at the same time. This eliminates the risks of having a breach when, for example, you e-mail (to the wrong address) an attachment from your encrypted computer. Since the file makes use of data protection, the fact that the wrong recipient has it means little to no risk of a information security breach.
If you can't delete the info (or at least, think you can't), then encryption may be the solution for you. Data encryption was designed to protect information from prying eyes.
File encryption is used to protect individual files. For example, if you've got two documents on your computer, and you use file encryption on one of them only, only that file is protected. The other, copied to a USB disk, would still be accessible by anyone.
Contrast this with something like drive encryption from AlertBoot, which encrypts the entire drive, be it on a USB flashdrive, external portable drive, or a laptop computer. In that case, any documents saved on the device itself would be protected. (Although, if you copy it off to another device, then the document wouldn't be protected anymore.)
One thing to note is that these two are not an "either-or" product. You can use both drive encryption and file encryption at the same time. This eliminates the risks of having a breach when, for example, you e-mail (to the wrong address) an attachment from your encrypted computer.
Since the file makes use of data protection, the fact that the wrong recipient has it means little to no risk of a information security breach.
Related Articles and Sites:http://www.phiprivacy.net/?p=1669http://www.ico.gov.uk/upload/documents/library/data_protection/notices/shropshire_council_undertaking.pdf