[FDE] Of course FDE is not sufficent...
Allen
netsecurity at sound-by-design.com
Fri Aug 17 21:40:33 MDT 2007
Hi Gang,
I do hope I'm stating the obvious, but just in case this is not
clear here is a tidbit for you.
At a major managed health care provider the policies around FDE
and private data are very clear, except that there is a major fly
in the ointment, the doctors are exempt from all policies as they
are not employees of the provider. Not only is this true, it says
so in the very first policy in their list of policies. Isn't that
grand?
Since the doctors are exempt, they do what they please. And what
they please is to download a *large* number of medical records
into an unprotected computer at home that was stolen today.
This has not yet been reported under California 1386 yet, and
apparently there is a discussion going on whether they need to as
it was not the medical provider's machine....
So technology will always be foiled by, as they used to say about
cars, the nut behind the wheel *and* a failure to look at the
consequences of policies with holes in them one could run several
loose black holes through.
Best,
Allen
More information about the FDE
mailing list