What are the requirements of the UK Data Protection Act in respect of endpoint device encryption?
“The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress - must be encrypted. This is one of the most basic security measures and is not expensive to put in place - yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily." (The ICO's Acting Head of Enforcement, Sally Anne Poole.)
Encryption should be applied to laptops, USB sticks and any other portable media that might contain personal data. Encryption should meet at least the FIPS 140-2 standard and, for laptops, the encryption software should provide whole disk encryption and require pre-boot authentication - ie it should force you to enter the decryption password before you can log onto the laptop.
FIPS 140-2 is the US Federal Information Processing Standard Publication 140-2, and it is a US government standard for accrediting cryptographic modules on all sorts of media. Even though the standard was last updated in 2002, it has been adopted, by default, around the world as it is a clear, credible and internationally recognised standard. It is applied both to laptops and to USB sticks.
We have identified appropriate laptop encryption software, which we can supply directly to indivduals and to organisations, and we have also identified - and can supply in single units or in bulk - USB sticks which are appropriately encrypted and meet CESG security requirements.
Encrypted USB Sticks
We have identified five USB sticks that would be appropriate for most organisations, and these are available singly or in quantities (bulk discounts available). They all use 256-bit AES encryption are designed for enterprise deployment. Optional enterprise features, available with some models as identified below, include features such as remote-wipe, password reset, group policy enforcement, etc.
- Kanguru Defender Basic AES Hardware Encrypted USB Drive - 256-bit encryption, from 2Gb to 128 Gb, prices start at £26.95 each
- Kanguru Defender V2 AES Hardware Encrypted USB Drive - FIPS 197-certified, with optional enterprise features, from 2Gb to 128 Gb, prices start at £34.95
- Kanguru Defender Elite AES Hardware Encrypted USB Drive - FIPS 140-2 certified, with optional enterprise features, from 2Gb to 128 Gb, prices start at £39.95
- Safestick (FIPS 197, CESG-approved) - as used across the UK NHS - from 2Gb to 32Gb, prices start at £48
- Safestick (FIPS 140-2, CESG-approved) - as used across the UK NHS, with optional enterprise features, from £4Gb to 32Gb, prices start at £76.50
Laptop Encryption Software
The first laptop encryption software that we have identified is, not surprisingly, the same software that we use on those of our laptops that carry sensitive data: PGP. Telephone us today (+ 44 (0) 845 070 1750) for pricing for your laptop or laptops.
