My "take/suggestion" After reading a lot of posts (good, excellent, and questionable) I'll put in my personal opinion.
The data is not ours. The data is solely the Church's. They are responsible for it. We are responsible to guard the data by following the Church guidelines as closely as possible. Where there is a question we should error on the side where the data is not disclosed, regardless of the perceived benefit, need or personal opinion. If you are aware of an unauthorized disclosure or unauthorized use you should (must) report the disclosure or use to the appropriate Church authority. If they don't take action you are under obligation to report BOTH problems to an appropriate Church authority. I hope this does not stress everyone as an overly hard position, it is a result of experience and training. Good luck God bless oscar On Thursday 15 September 2005 09:00, Mac Newbold wrote: > Today at 7:47am, Arthur Westover said: > > 1. Palm files. Since MLS gives you the option of > > exporting it for handhelds, methinks they approve it. > > Exactly. Be careful. Only release the data on need to know basis. If they don't have personal access to the data inside of MLS don't bypass the MLS controls - no access, no data. Train everyone you give data to. If you print it shred it. If you have a ecopy, protect it and wipe it when you are done. I hope you have linux and 500 permissions on the file. Wipe is a special delete tool - read the man page and use it or something better. > > > 2. Our stake center has broadband and wifi for what > > that's worth. > > Ours too. (Ours is because of our family history center, but they did wifi > to the clerk's offices for some reason. I love it, but it doesn't jive > with what the handbook says about clerk's offices not having internet > access.) Talk to the Stake Clerk, the Ward Clerk, the Bishop, and the Stake President ASAP or sooner. You have to ASSUME all of the data on the computer has been compromised - GET A FULL AUDIT DONE. Contact the Church immediately. Remove the wifi card from the computer immediately with the Stake Clerk present. > > > 3. You could access MLS from home (given broadband) > > through winXP remote access. I'm not really sure how > > to set it up, as I never have before. But I decided > > that I use MLS infrequently enough that it's not worth > > the bother. > > If you ever did try to do this, make sure you're extremely careful with > the security aspects of setting this up, or you'll get hacked. Don't ever > tell the MLS people or the clerk support desk that you're doing anything > of the sort. They'll freak out. Personally, I don't think this would be a > good idea at all. They've given us "Export", but unless they approve > "Remote Access", I think it would be an unwise risk, and against the > spirit of the guidelines they've given us. > > We've got broadband, but when we asked MLS when they were going to let MLS > connect to HQ over a secure internet tunnel (VPN or SSL or whatever), > instead of over the slow modems, they quite literally had a cow over the > phone. The MLS team seems to thing "Internet==Insecure", not to mention > the fact that the connection we're using is wireless, which freaked them > out even more. (Anything that you're encrypting is just as encrypted, > whether it is travelling over wireless or a wired network, but they didn't > seem to think so.) > Don't even consider remote access. IF the Church ever permits it they will let you know how to do it. Be patient - the data belongs to the Church and the Church is responsible to keep the data secure. Unauthorized disclosure of PERSONAL data, especially a child's data, COULD cause a great deal of harm to the Church. Everyone: Safeguarding data is not a game. The Church has trusted us in a manner far beyond most of us understand or appreciate. We must trust and have faith in our Leadership. If the directives stay don't do it OR don't explicitly say you CAN do something then PLEASE do not do it. If you don't understand why that's ok. Understanding and knowledge are not required for compliance. If you do understand then you do. Computer and data security is just that way sometimes..... and we don't even get to talk about it anymore (DCMA). If you need help with computer security please contact me privately. oscar > Mac > > -- > Mac Newbold MNE - Mac Newbold Enterprises, LLC > [EMAIL PROTECTED] http://www.macnewbold.com/ > _______________________________________________ > Ldsoss mailing list > [email protected] > http://lists.ldsoss.org/mailman/listinfo/ldsoss _______________________________________________ Ldsoss mailing list [email protected] http://lists.ldsoss.org/mailman/listinfo/ldsoss
