I'd be curious to know what your workflow is, and Privacy Act requirements you believe are being violated.
Nevertheless, you can enable SSL communication between a client (such as FMGo) and the server, which is as secure as any banking transaction. It's pretty simple to enable and should alleviate any concerns about someone sniffing or intercepting the transmission.
Thanks for your reply. Because this is a new program using the iPads, supposedly someone higher up the food chain declared this to be "a violation of the Privacy Act". Even though our company has you sign a waiver stating your rights, apparently because it is an iPad, it can be used to transmit information without going through one of our servers. An example would be:
They are worried someone could take the database information and send it through Dropbox, thereby compromising a person's privacy. Why someone would do that or what they would do with training information is beyond me but that is what they are telling me.
I like the idea of SSL and I will pursue that. Any other information you think would be helpful would be muchly appreciated.
Which "Privacy Act" are you referring to? There are many laws affecting privacy in different domains (HIPAA, FERPA, Massachusetts 201 CMR 17, etc.) and industry regulations, like Payment Card Industry (PCI) standards. Knowing what you have to comply with would help us figure out how to accomplish it.
If your users are accessing a database hosted on a FileMaker Server, the data are not stored locally on the device, so the database could not be sent through Dropbox unless the programming of the FileMaker application supported it. Connections between FileMaker Go and your server can be encrypted via SSL, and iPads can be configured to connect to a company VPN. iPads can also be configured to require a passcode to unlock and for remote wipe, in case a device is stolen.
Yeah. What jbante said.
Seriously, though, it's probably best to figure out exactly what the concern is ... which can probably be addressed. I know we are restricted from putting government data on iPads where I work because they can't be configured to be authenticated through a Windows domain (which the Department standards require) and because they don't (yet) comply with FIPS 1140-2. Or at least that's what my security people are telling me. But throwing up a random "it might be illegal!" is something that probably needs a little pushback. IMHO.
Sorry I should have been more clear. First of all the issue(s) at hand are:
1) Our company is in Canada so I am talking about our "Privacy Act" as well as "PIPEDA" Personal Information Protection and Electronic Documents Act (like the Section 508 in the U.S.)
2) As I said someone up above my pay grade has decided this and for the life of me I can't figure out exactly what are their issues. But if I can cover off this worrying about someone's training record being somehow used for ill-gotten purposes then I think I have the bases covered.
We've taken out all personal information except their name and location. It also includes the project they are working on and the grade they achieve as they progress through a training curriculum.
So as you have probably guessed by now I am grasping at straws trying to figure out just exactly what they think are the problems.
Personally I think this is "Empire-Building" by another group in the company.
I like the idea of configuring it to connect to the company VPN. All the iPads have a passcode.