Policies are necessary, and sometimes they’re even really well written. However, if your users aren’t aware of them, let alone following them, what use are they? User education is a never-ending exercise. It’s a myopic point of view to dismiss the end users as untrainable. If you give up on them, you can rest assured they will meet your expectation.
From the Baltimore Sun:
First it was the Department of Veterans Affairs. Then, the Internal Revenue Service. Now, the National Institutes of Health is the latest federal agency that failed to encrypt laptop computers containing sensitive private information.
The recent theft of a laptop that had medical test results for 2,500 patients in an NIH heart imaging study shows that the government is still not guarding private information, despite new rules, privacy specialists say.
“The issue isn’t so much with the policy; it’s with the policy being followed in practice,” said Joy Pritts, a Georgetown University researcher who specializes in health care privacy.
The laptop was reported stolen from Dr. Andrew E. Arai’s locked car trunk Feb. 23, but the National Heart, Lung and Blood Institute alerted patients to the data theft only last week.