A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and . . .
A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and so on--the change actually touches on an even larger issue, that of keeping any kind of private information truly private, as this reader letter suggests:
Fred, I do medical research and am being asked for recommendations about keeping medical data secure. As you probably know, a new set of regulations took effect on April 16 pertaining to privacy of medical records. These are the so-called "HIPAA standards " I'm glad that the new regulations are inspiring people to pay closer attention to this topic and would like to respond to their questions. Very frequently, researchers use portable media (notebook computers, mainly, but also Zip disks and PDA's) to transport their data, and most statistical-analysis software doesn't claim to offer even a modicum of security. So I'm asking for advice. Specifically, what measures do you and your readers recommend to secure sensitive data that resides on a notebook computer? There are several software products that encrypt individual files and create encrypted virtual drives. Which of these products do you recommend, if any? --Paul Falzer

Any form of encryption--file-, folder-, partition-, or disk-level--can substantially improve your data security by helping to ensure that only you (or those you authorize) can access the protected data. But picking both the right type of encryption, and then picking the right tool, takes a little digging: As with most things technoid, there's no absolute right or wrong answer. What's right for one circumstance may not be optimal in another. For example, I personally prefer file- or folder-level encryption tools to whole-disk solutions. Although I have a number of sensitive business records on my system that need high-level protection, most of what's on my hard drive isn't worth worrying about. For me, a tool that encrypts everything on a hard drive would simply waste time and CPU cycles in processing these nonprivate files. I prefer to pick and choose exactly what gets encrypted and when.

The link for this article located at InformationWeek is no longer available.