British Government has been in a bit of bother this week after losing two discs containing over 25 million records of personal details of parents who received child benefit. So when dealing with sensitive data what is the best way to transfer the information between offices?
At some point in business you might be tasked with sending large amounts of personal and sensitive data to another business or office. Without getting too technical, here are a couple suggestions and yet effective ways to send sensitive data.
1. Required Data Only – Think about why you are needing to send the data. Maybe only certain fields or records need to be sent, just an update file containing records that have changed. So if the worst happens and the data falls into the wrong hands only a partial picture can be painted.
2. Password Protect the File – Most desktop application have the ability to password protect the documents they create. Although the latest versions of Microsoft Office have vastly improved on security front, you need only do a search for “Microsoft Office Password” and see platter of software aimed at breaking password protected documents.
3. Encrypt the File – Once you have password protected the file. You need to encrypt the file using third party software such AxCrypt with an extremely long password phrase and industrial strength algorithm.
Does anyone else have suggestions for encryption software?
4. Split the File and Send Separately – Whatever means you decide to send the data it might be worth while splitting the file into two parts and sending it separately at different time periods. That way if you lose one part of the file in transit the data is still secure. To split the file you could use 7zip or HJ-Split.
5. Sending the Passwords – All your good work will be un-done if you don’t equally take care when sending the passwords. You should presume sending them via email is not a secure method.
6. Check eBay – You should check eBay if your discs do go missing.
That wasn’t the only thing that the courier TNT apparently lost in October. Last month we ordered four rather expensive servers on a tight deadline and only one turned up! We are still sorting out the mess this has caused between them and Computer 2000 who made a complete mess of the whole affair.
Mr Darling told MPs: “Two password protected discs containing a full copy of HMRC’s entire data in relation to the payment of child benefit was sent to the NAO, by HMRC’s internal post system operated by the courier TNT.
If you have any additional suggestions to sending sensitive data I would love to hear them.