Originally posted by tpert
Protection of client data includes encrypted hard drives (I don't have this since I am a sole practitioner). Some of these things are common sense and probably not so much written in stone. It didn't take me much imagination to see someone breaking into my business and stealing my computer. Then putting the hard drive into another computer. I am sure I could be sued by clients for not absolutely protecting the computer from unauthorized use.
The netbook I carry around does not have any data on it, only the programs. The data is on a password-protected thumb drive. I have tried to implement PGP encryption and failed. I did not know how to solve the issue between backups the way I want them and the encryption. I also did not and cannot spend a fortune to hire someone to implement it.
I also do not want to live in fear all the time, so I am risking having my computer stolen (probably a slim chance), and feel comfortable with my solution for the netbook. I also don't have an office where it would be possible to have an interview with a client without another client in the waiting area being able to listen. If a client would like to turn me in for not ensuring enough privacy, so be it. After all, this is what it boils down to anyway, being turned in. If that happens I will stop doing tax returns.
I think we all have to find our own level of comfort with all these ridiculous rules and requirements. It's all nice and dandy if one has a firm big enough to have a dedicated IT person; most of us are not part of this.