On Mon, 15 May 2017 21:47:17 +0100,
lee <lee@××××××××.de> wrote:

> > Depending on what data is transferred, you should also take into
> > account if your solution is certificated to transfer such data. E.g.
> > medical data may only be transferred through properly certificated
> > VPN appliances. Otherwise, you should fall back to sneakernet. I'm
> > not sure how that is any more secure but that's how things are.
>
> Interesting, who certifies such appliances?

I really never asked... ;-) Maybe I should...

> What if I, as a patient,
> do not want my data transferred that way,

See your words below: "nobody in Germany actually cares"... So you
won't be asked because it's secure by definition (as in
"certification"). ;-)

The old transport was ISDN. But that is being shut down.

Or did you direct your concern to sneakernet transmission? I doubt that
such data would even be encrypted... Although it clearly should.

> and how do I know if they
> didn't make a mistake when certifying the equipment?

That's German bureaucracy: It has the certificate stamp, so it's okay.
The technical internals do not matter: Nobody asks for that after it's
been certified.

> It's not medical data, and nobody in Germany actually cares about
> protecting people's data anyway. The little that is being done towards
> that is nothing but pretense.

We are servicing a medical laboratory: They take this certification
very seriously, so at least they care to fulfill the requirements.
However, we do not control that: After the initial setup they do most
configuration by themselves and we only deliver equipment now. As far
as I know, they cannot even freely choose the provider on their side of
the connection. And they are managing their internal network by
themselves, we wouldn't be easily allowed to do that.

Usually, as an IT service company, you would also sign a non-disclosure
contract when working for a company handling sensitive data. But only
few companies seem to know that...

--
Regards,
Kai

Replies to list-only preferred.