Do You Have a Secure Chain of Custody?

The recent news O2/IBM has misplaced a data tape containing unencrypted personal data just emphasises to me the need to have a secure chain of custody for our data and records. This means ensuring that when records are passed from one custodian to another across an end-to-end process, we have secure hand-offs and an audit trail that captures critical characteristics of each hand-off. Whilst this provides no guarantees that records will not be lost, I think it puts more focus on the hand-offs and as a result improves the robustness of the overall process.

Of course, the other aspect of this story is why unencrypted data tapes are being used for personal data. So, why don’t we take a look at our own records management chain of custody? Are there appropriate security mechanisms in place? When you hand over data tapes to your off-site provider, what security processes are in place at hand-over, during transit, and at the storage location? Is there compliance with pertinent data security standards, for example ISo 27001 ‘Information Security Management’. And have you considered the need for data encryption before hand-off to a third party?


About rammellel

Records management consultant to the life sciences / pharmaceutical industry
This entry was posted in Compliance, e-records, Records management practice, Technology. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.