Moving Sensitive Data

You must take steps to protect sensitive patient data from misuse, interference, loss or unauthorised access or disclosure.

Before you begin

Moving sensitive patient information onto removable media such as USB, thumb drive, flash drive, external hard drive or CD/DVD should only be done where absolutely necessary, and in line with your organisation’s policies on media, and data and security management, as removable media can be easily misplaced, lost or stolen.

If you need to move sensitive patient information onto removable media, you must ensure your patient’s sensitive information is best protected in the event the data is misplaced, lost or stolen. This page sets out some measures you should take to protect data on removable media.

You should be familiar with the Australian Privacy Principles (APPs) and your responsibilities. Under the Privacy Act 1988 (Privacy Act), the Australian Information Commissioner may issue guidelines regarding acts or practices that may have an impact on the privacy of individuals. For the latest APPs that impact on the privacy of individuals and your responsibilities, see https://www.oaic.gov.au/.

About this task

This task shows you how to prepare your sensitive data before moving it to removable media. The main tasks are:
  1. The files are archived (zipped) into a single file.
  2. The zip file is encrypted with the AES-256 encryption algorithm.
  3. A password (encryption key) is applied that meets the definition of a strong password.

Procedure

To archive and encrypt sensitive data:
  1. Download the free 7-Zip archiving and encryption tool from https://www.7-zip.org/ and install it on your workstation or server.
  2. Open the 7-Zip program.
  3. In 7-Zip, locate, select and highlight the folders or files you want to archive and encrypt.
    Example archive tool with folder selected
  4. Click Add.
  5. In the Add to Archive window:
    Example Add to Archive window
    1. In the Archive field, name the archived file.
      Example archive name
    2. In the Encryption section, in the Enter password field, add a strong password.
      Example Encryption pane
      Tip:
      You must remember this password.

      There are many free websites that will generate a random strong password for you. In your browser, search for ‘strong password generator’ or ‘password generator’.

    3. In the Reenter password field, enter the same password again.
    4. From the Encryption method list, select AES-256.
    5. Click OK.

Results

The folder or files you selected are saved as an archive file to the location from which you selected the files with the name you provided.
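
The same procedure can be scripted. The PowerShell below is an added example, not part of the original page: it generates the password locally, creates the encrypted archive with the 7-Zip command line, and checks that the archive really is encrypted. It assumes 7-Zip is installed in its default location and uses the 7z archive format so that file names are encrypted too; the paths are placeholders.

```powershell
# Added example (not from the original page). Paths below are placeholders.
$SevenZip = "$env:ProgramFiles\7-Zip\7z.exe"   # assumed default install location
$Source   = 'C:\Exports\PatientData'           # hypothetical folder to protect
$Archive  = 'C:\Exports\PatientData.7z'        # hypothetical output archive

# 1. Generate a 24-character password locally with the OS cryptographic RNG.
#    The alphabet has exactly 64 symbols, so masking each random byte to
#    6 bits selects a symbol without bias (about 144 bits in total).
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$password = -join ($bytes | ForEach-Object { $alphabet[$_ -band 63] })

# 2. Archive and encrypt. The 7z format uses AES-256 whenever a password is
#    set; -mhe=on also encrypts the headers, so file names inside the archive
#    cannot be listed without the password.
#    The password appears on 7-Zip's command line while it runs; using -p
#    with no value makes 7-Zip prompt for the password instead.
& $SevenZip a -t7z -mhe=on "-p$password" $Archive $Source
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# 3. Confirm the result before copying it to removable media: the archive
#    must test cleanly with the right password and fail with a wrong one.
#    An unencrypted archive ignores -p and would pass the second test.
& $SevenZip t "-p$password" $Archive *> $null
if ($LASTEXITCODE -ne 0) { throw 'Archive does not open with the generated password' }
& $SevenZip t '-pnot-the-password' $Archive *> $null
if ($LASTEXITCODE -eq 0) { throw 'Archive opened with a wrong password; it is not encrypted' }

# 4. Show the password once so it can be recorded.
Write-Host "Archive created: $Archive"
Write-Host "Password (record it now): $password"
```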

What to do next

In Windows Explorer, you can now copy the archived and encrypted file to removable media.
To unencrypt the archived files at the destination location:
  1. Ensure that 7-Zip is installed on the computer on which you want to unencrypt the archived file.
  2. In Windows Explorer, right-click on the archived file and select 7-Zip > Open archive.
  3. In the Enter password window, enter the password you added to the file in step 6.b.

The file is unencrypted and the contents are accessible.