Secure USB Drive

The UK Government’s data protection watchdog has recently criticised another health organisation for two incidences of data loss in early 2008, one of which involved the loss of an unencrypted USB flash drive. 

While this can seem negative, it’s an example of how attitudes to data security in the UK public sector are changing.  As a result of the Government’s data watchdog’s vigilance and willingness of organisations that have suffered losses to change, the English National Health Service is one of the most advanced in successfully rolling out DLP systems, including mandatory hardware-encrypted USB drives.

An excellent example of how this can be done is given by NHS Dumfries and Galloway, which earlier this year deployed 1100 SanDisk Cruzer Enterprise secure flash drives to protect confidential patient data.

An interesting point was that NHS Dumfries & Galloway didn’t just hand the secure drives to users:  they held an amnesty so that staff could bring in old USB pen drives containing confidential information for orderly disposal.

The organisation arranged distribution days where they travelled to its various different office locations to give out the new drives.  This helped to ensure that all staff knew about the amnesty, and had a chance to familiarise themselves with the organisation’s updated polices – an example of good practice for anyone planning a similar roll-out.