In your daily work, you will often need to consider the balance between safeguarding organizational data and ensuring privacy. It is crucial to understand the data’s nature, both in its entirety and fragments, and to categorize it appropriately when addressing these requirements.
Imagine this headline: “Data Breach at Main Memorial Hospital!” A published article reveals that a stolen laptop contains sensitive patient data, including social security numbers and insurance information, in plain text.
For your initial post, consider this question: As a practitioner, would you tackle this issue from a security perspective (using encryption to protect the data) or a privacy perspective (preventing the data from leaving the network in the first place)? Justify your choice.
When responding to your peers, highlight a cost or benefit associated with the chosen approach.
RESPONSE ONE
This headline is a scary one to think about, especially if I am working at the company when this happens. Both security and privacy are very important to be mindful of, but I feel that security is the issue to tackle. In our constantly evolving digital world, I personally do not see us ending the use of work devices such as laptops or phones that are used to work from home or on the go. To accomplish this safely, encryption is a nonnegotiable necessity. Every device used outside of the network needs to have encryption from the point of logging on until logging off. All data must be processed through a VPN to secure the communication and no sensetive information can be saved to the device.
The biggest threat to information security is human error, whether it be purposeful or neglectful. Devices will be lost or stolen, that will never change, but if encryption is in place and made a priority, the data will stay safe. With proper security policies in place, we can ensure that we don’t ever see that headline attached to our business.
RESPONSE TWO
In the scenario of a data breach at Main Memorial Hospital, where a stolen laptop contains unencrypted sensitive patient information, the issue can be addressed from either a security or a privacy perspective. While preventing data from leaving the network altogether is an ideal privacy-focused approach, it may not be practical given the need for healthcare professionals to access data remotely. Therefore, I would prioritize a security-focused approach by implementing strong encryption. Encryption ensures that even if sensitive data leaves the network or a device is stolen, the information remains inaccessible without the appropriate decryption keys. This approach provides a robust defense that accommodates the realities of modern healthcare operations, where data mobility is often necessary. By focusing on encryption, we can protect patient data while still allowing the flexibility required in healthcare settings, ultimately balancing security needs with practical considerations.