Compliance Guide:Good practice in Information Handling: Encryption
In its January 2013 briefing for Inspectors document: Inspecting e-safety, Ofsted clearly states that personal data being unsecured and/or leaving the school site without encryption is an indicator of inadequate practice.
In 2012 the Information Commissioner's Office (ICO) worked with over 400 schools in nine local authority areas, producing a report setting out the data protection rules and recommended good practice.
The ICO recommends the use of encryption software to protect all portable devices and removable media, such as laptops and USB devices (or another form of memory storage not part of the computer itself), which hold confidential personal information. This is particularly important if they are taken from school premises. It is also important to prevent access to the information in case equipment is stolen. Memory sticks are easily lost, and laptops are attractive to thieves.
There has been a spate of incidents where laptops containing personal information have been stolen from workplaces, vehicles and houses, or left in public places. After this, the Information Commissioner has decided that where such thefts or losses occur and encryption software has not been used to protect the data, enforcement action will usually follow.
DESlock+ provides the means to meet all ICO and Ofsted requirements, with central management and reporting to ensure compliance for all users.
|Portable devices (Laptops) should be encrypted.||Full disk and file and folder encryption included.|
|Portable storage media (USB memory sticks, portable hard drives CD's and DVD's) should be encrypted.||Removable media and virtual disk encryption included.|
|Any device storing data and used outside of the secure space should be encrypted.||DESlock+ Reader and DESlock+ Go (included) allows secure access to encrypted data on a home PC.|
|Any data no longer required should be securely deleted.||DESlock+ Shredder (included) securely deletes documents and the recycle bin contents.|
|Data transmitted between systems and locations should be encrypted.||Includes Microsoft Outlook plug-in for fully integrated encrypted email and attachments.|
|Use an encryption solution that meets an accepted standard.||FIPS-140-2 validated.|