W5 Discussion Comments

Employer Policies: I included this question so that you can see that control over personal devices is an issue that requires management attention. You gave some good examples of problems and polices that exist in the real world.

Company Laptops: You mentioned requiring encryption of the entire laptop hard disk. Encryption can slow down a laptop and remembering the password can frustrate some people. There is a classic trade-off between security and convenience. The nature of the business and the importance of the data being protected can help determine how to make security trade-offs. The most expensive edition of Windows 7 supports full disk encryption without the need for third party software.

Company Laptops - employees: . As an employee, I would work on the assumption that the next time I came into the office, I could be laid off and the company would take immediate possession of the company laptop and the company email account. I would not have an opportunity to backup or erase data or access any data I had stored on company servers.

Using Computers at work: You should assume that your employer will record which sites you visit on the Internet and keep an archive of your incoming and outgoing email. This archive can be analyzed in the event of a lawsuit or for any other reason.

Cloud Storage: You discussed imposing restrictions on the use of USB drives. Companies must also be concerned with employees copying corporate data to the employee's personal cloud storage on their Microsoft SkyDrive (now called OneDrive) or their Google Drive or Dropbox Account.

Personal Experience: I have one personal laptop computer that contains my personal data and files that I use for teaching at Dominican. I perform complete and incremental backups to an external hard drive twice each week using Norton Ghost. The external hard drive is mirrored to a portable hard drive that I store away from my computer. The backups are completely encrypted. I also subscribe to Carbonite which I use to backup my data files to an off-site server.

I almost never take my laptop away from home. Instead, when I am at Dominican, I access my home laptop remotely using Logmein.com. When I am at home, I can access my Dominican N: Drive using Dominican's Virtual Private Network (VPN). If I ever make a copy of student data (grades), I store it on the N: drive because my laptop drive is not encrypted. (I should encrypt it to provide better protection of my personal data.)

I have an iPhone Personal Hotspot that allows me to access the Internet at a fairly fast speed from every place I work and travel. This allows me to work on the road without using public wi-fi.

Opinion: It is becoming much easier to store data in secure locations and access the data from anywhere. Therefore the need to carry critical data on a laptop should be steadily decreasing.

Legislation protecting personal information: You mentioned HIPPA that is legislation protecting patient information. FERPA (Family Education Rights and Privacy Act) protect student information. In fact, if parents call me and ask how their son or daughter is doing in my course, I cannot answer unless the student has given me permission to answer.