[I wrote this in June of 2009.] I was amazed when I started my second term doing volunteer work at the crisis/help centre because we now need passwords to send and received emails and access personal e-files of clients. No, this is not your regular log on password, but each file that you create, you will be required to have it password protected so you can send it off to whomever you want. This is a very cool system indeed.
It seems that in the past problems with particular levels of government, administrators and the public, all could have access to these files without any sort of e-lock or physical guard that should have filtered out those who do or do not have these privileges. It was so bad that in the last couple of years I heard stories that the RCMP could actually walk in and freely take these files without going through the courts seeking warrants. I even heard of one story which involved a well publicised case of a lawyer who was freely given a computer disk containing information of several clients on it because the person who gave it to him did not know about the proper protocols for dealing with private information.
Now, all information is encrypted, and double locked, i.e., needs a supervisor’s password also before it can leave the facility. All transmissions within the network, behind our server, are encrypted now and the higher up the food-chain you go, the more files you can open with your password. The data storage needs to be logged on now, and logged off. All archived files are no longer stored on site, instead a paid security firm now holds onto that data.
The funny thing is, now that these measures have being implemented, the “nag factor” from all public inquiries have dropped off by 90 percent. As soon as you tell them that the data need supervisory permission and the form is several pages long for the application, no one wants to take the time to collect the information any more. However, you always needed proper authorisation to obtain these records in the past, but there was nothing literally stoping any one from getting these files besides walking into the office and taking them. In the past very few people took the time to go through all the hoops–it was bad as far as having minimal security goes. It was basically up to each worker to insure that their data was safe and well protected.
I still can not believe that it has taken this long for an organization to finally jump on the encryption bandwagon. It is just silly to have so much private data without any protection on it. It is just stupid. I most certainly would want my private and personal information that is stored one someone’s hard-drive protected—right. Well, do not be surprise, most government organization and private firms are just starting to secure their data—I mean encrypt it.