I've been suspicious of the value of Data Loss Prevention systems in other conte...

PeterisP · on Sept 19, 2013

IMHO no technical solution can eliminate the proposed example of Dr. Goofböl, so it's pointless to attempt to do so - in any case he can scribble down the name+protected info+some notes on a paper napkin, lose it, and the result would be the same.

So training / social solution is needed anyways, but that's a worry for other industries, not tech.

jessaustin · on Sept 20, 2013

...no technical solution can eliminate... so it's pointless to attempt to do so...

The premise of this proposition is correct, but not the conclusion. If a technical solution can alleviate a problem (and isn't dominated by some other, better technical solution) then it should be implemented to whatever extent is cost-effective. I don't imagine that no one has a slim jim that can open locked car doors, so that isn't the reason I lock mine. I lock them because the vast majority of people either can't or don't open locked doors they don't own. On the other hand, I know more people (who) are happy to duck into an unlocked car for a moment to quickly rummage the various nooks and crannies for small valuable items.

Most physicians want what's best for their patients, including Dr. Goofböl. It isn't the responsibility of a patient records system to regulate the tiny minority who don't. If the system can help physicians who are struggling in particular areas, by not making it easier to do the wrong thing than the right thing, that would be a benefit.

...some notes on a paper napkin, lose it, and the result would be the same.

These results ain't even in the same ballpark. I'm not particularly worried about the threat posed by my physician's maid.

As I said, however, I have yet to see DLP, especially endpoint DLP, be of particular value, so I'm genuinely curious as to David Shaw's opinion on this.