| 1 |
Am Mon, 15 May 2017 21:47:17 +0100 |
| 2 |
schrieb lee <lee@××××××××.de>: |
| 3 |
|
| 4 |
> > Depending on what data is transferred, you should also take into |
| 5 |
> > account if your solution is certificated to transfer such data. E.g. |
| 6 |
> > medical data may only be transferred through properly certificated |
| 7 |
> > VPN appliances. Otherwise, you should fall back to sneakernet. I'm |
| 8 |
> > not sure how that is any more secure but that's how things are. |
| 9 |
> |
| 10 |
> Interesting, who certifies such appliances? |
| 11 |
|
| 12 |
I really never asked... ;-) Maybe I should... |
| 13 |
|
| 14 |
|
| 15 |
> What if I, as a patient, |
| 16 |
> do not want my data transferred that way, |
| 17 |
|
| 18 |
See your words below: "nobody in Germany actually cares"... So you |
| 19 |
won't be asked because it's secure by definition (as in |
| 20 |
"certification"). ;-) |
| 21 |
|
| 22 |
The old transport was ISDN. But that is being shut down. |
| 23 |
|
| 24 |
Or did you direct your concern to sneakernet transmission? I doubt that |
| 25 |
such data would even be encrypted... Although it clearly should. |
| 26 |
|
| 27 |
|
| 28 |
> and how do I know if they |
| 29 |
> didn't make a mistake when certifying the equipment? |
| 30 |
|
| 31 |
That's German bureaucracy: It has the certificate stamp, so it's okay. |
| 32 |
The technical internals do not matter: Nobody asks for that after it's |
| 33 |
been certified. |
| 34 |
|
| 35 |
|
| 36 |
> It's not medical data, and nobody in Germany actually cares about |
| 37 |
> protecting peoples data anyway. The little that is being done towards |
| 38 |
> that is nothing but pretense. |
| 39 |
|
| 40 |
We are servicing a medical laboratory: They take this certification |
| 41 |
very seriously, so at least they care to fulfill the requirements. |
| 42 |
However, we do not control that: After the initial setup they do most |
| 43 |
configuration by themselves and we only deliver equipment now. As far |
| 44 |
as I know, they cannot even freely choose the provider on their side of |
| 45 |
the connection. And they are managing their internal network by |
| 46 |
themselves, we wouldn't be easily allowed to do that. |
| 47 |
|
| 48 |
Usually, as a IT service company, you would also sign a non-disclosure |
| 49 |
contract when working for a company handling sensitive data. But only |
| 50 |
few companies seem to know that... |
| 51 |
|
| 52 |
|
| 53 |
-- |
| 54 |
Regards, |
| 55 |
Kai |
| 56 |
|
| 57 |
Replies to list-only preferred. |
Archives