documents findability management paperless passwords security

DO Encrypt, DON’T Panic

Or, What the ‘strong encryption’ requirement means to Psychologists (regarding Fact Sheet #16 issued by the Information Privacy Commissioner of Ontario).

Why I’m writing this: I have a number of friends and associates who are Certified Psychologists in Ontario, and have been asked, casually, what exactly this fact sheet means.

Bottom line:  If you are a Psychologist providing health information to a health network provider, or a user of health information in the sense of PHIPA and its regulations, you need to secure all portable healthcare data as below. If you are NOT, you DO NOT have to.  If you do, or if you aren’t sure, please keep reading…

Dak do it now passwords security trade-offs

Getting cranky about “IT Policy,” and improving your password practices

I just read a helpful article about tuning organizational password policy but I’m afraid it rubbed me the wrong way.

What it says is helpful and mostly good practice, but it fails to address the problem from the perspective of the users, and does the usual “well, this will be a pain for the users, but it’s good policy, so we’re recommending it,” which is one of many reasons why people hate IT departments. (I say this as a seasoned IT professional, and I hate us, too. 😉

IF you notice that YOUR passwords violate any of these rules, chances are that they are already broken. Change them now.

To all password users, everywhere: Make your passwords unguessable as best you can. If someone guesses your password, change it. Corollary 1: Since you can’t know if someone might have guessed your password, change it from time to time. If you feel that you have to make a list of passwords, make a list of reminders, not the actual passwords, and keep it safe (not where someone can look at it without you knowing about it). More detail below.