Ontario Privacy Commissioner Ann Cavoukian has taken issue with a security vendor’s criticism of her recent report following the loss of a USB key containing patient health data at Durham Health region.
Realize the Future with HP
Toronto will soon Realize the Future, a series of special events on what the future will look like, and how you can start now! Join HP on February 24th 2010 at Toronto’s Allstream Center
Earlier this week, Websense Inc.’s Canadian country manager Fiaaz Walji said Ann Cavoukian’s order that the Durham Health Region should “strongly encrypt” its data when stored on a portable device like USB stick or laptop is just one step that ought to be required among many others. “She’s absolutely right that it should be encrypted, but I think encryption is one piece of it,” said Walji.
In response, Cavoukian disagreed that her report focuses solely on encrypting data on mobile devices and that it does require that health authorities assume an enterprise-wide system of data protection that includes training employees on written policies and practices regarding role-based data access, lifecycle data management and data minimization.
“I wonder what more he would like me to do beyond all of the things we ordered. I don’t think he even read my order,” said Cavoukian. “To suggest that the only thing the order did was to order the encryption of health data I think is really incomplete.”
Cavoukian pointed out that the lifecycle of data management starts with data minimization by refraining from collecting