Ground work
The continuous warnings of whistleblowers, growing cybercrime and the reactions in the press to data security and privacy in the age of AI-supported data analytics are bearing fruit:
The US is following the HIPAA regulations; the EU is introducing the GDPR in May.
A cornerstone of data protection is data encryption and a basic understanding of where, why and when you need to encrypt data. There is a solid article online by Martin Horan about File Encryption for HIPAA compliance, and it does not apply only to the US and health care. The same principles carry over to all companies and to data handling in general.
The EU regulations cover the same ground when it comes to the protection of personal data:
- Do not share the data unencrypted (whether via FTP, cloud or email).
- Do not store the data locally unencrypted.
These could be the two Asimovian rules of file encryption (had he postulated them).
The problem
In short: in the private sector nobody (but the geeks) cares about encryption.
The violations of privacy in the centres of technology (Silicon Valley, the US in general and the other first world countries) are on a level that can (still) be ignored, if you are lazy.
But the damage done to our economies by crooks who steal our credit cards and abuse the system with data-encrypting trojan horses, photo-stealing viruses and other means of blackmailing you into giving them some bitcoins is high enough to call for laws now.
Yet there is no easy way to lead a secure digital life besides leading a minimal digital life.
Stay off Facebook and Twitter, avoid online banking, keep everything printed and on paper?
This is not the way we want to make life easier. I want to pay for my coffee with a swipe of a card or a smartphone. I also do not want to go to the town hall for changes to my passport or car registration, etc. The advantages of a digitized life are pretty obvious.
Now we have to understand that a secure digitized life means: everything needs to be encrypted in a solid, secure way!
A way out
I personally believe the way to a secure and well handled digital life does not separate business and private data handling.
The technologies for sharing data, sending email or saving files are basically the same in private or in business – on Mac, PC or your smartphone.
We need the mindset for it. That is all. There are free solutions, simple solutions and working solutions to cover all you need to protect your data.
- File sharing: encrypt your whole cloud drives and your local drives!
- Email: protect the attachments and the critical data (use our Plugin or Protonmail, e.g.)!
- Social media: do not post anything that cannot be on the front page of the New York Times tomorrow.
That is a good start!
I already wrote an article about the forms of encryption with some links to free and easy tools in it. Take a look!