Thanks to mobility, cloud-based storage and web access to office databases, about two-thirds of working professionals have accessed "some type of sensitive data" outside of their offices within the last year, according to a "visual data breach" survey conducted by People Security on behalf of 3M. A good number of those had viewed health data remotely, opening up the possibility of significant HIPAA violations (though the report doesn't specifically mention HIPAA).
"A significant number of respondents surveyed have accessed personally identifiable information and protected health information outside of the office, with 26 percent accessing credit card numbers, 24 percent accessing Social Security numbers and 15 percent accessing medical information," the report says.
While organizations generally have done a good job with protecting data storage and transmission with technologies such as virtual private networks, disk encryption software and two-factor authentication, "visual privacy" of display screens generally is an afterthought. The report notes right on the cover page that 3M makes privacy filters for computers and mobile devices, so take that finding with a grain of salt.
Survey respondents generally indicated that convenience is more important to them than privacy when working outside the office. People Security conducted the survey at kiosks set up at an unspecified IT conference and observed that 26 percent of kiosk users accessed corporate email from the computers, which had been set up so the screens were "highly visible" to passersby. Only 35 percent of kiosk users chose screens with 3M privacy filters, the report says.
"This was in sharp contrast to the results of the survey, where 80 percent of respondents said that they would choose the privacy filter equipped machine in similar circumstances. This shows a significant gap between what people believe about privacy and how they actually behave," the report noted.
To learn more:
- take a look at this CMIO story
- read the full report (.pdf)