Confidential: A Checklist for Protecting Personal
Data
By John Soat
It won’t end, not until we learn the lessons of data
protection. I'm referring to the continuing
incidents of personal data loss: hacked data, stolen
data, pretexted data, data thrown away in Dumpsters,
data that falls off the back of delivery trucks, and
data inadvertently--or advertently--published on Web
sites where everyone and his brother can find it.
Here's a list of do’s and don'ts that your
organization needs to keep in mind.
These incidents are becoming laughably commonplace,
and the most recent is a real howler. On June 10,
along with a $200 radar detector, a "computer backup
device" was stolen out of the car of a college
intern working for a state agency in Ohio. In a
press release June 15, Gov. Ted Strickland said the
device contained 338,634 files in 24,333 folders,
which included the names and Social Security numbers
of all 64,467 people employed by the state. The
device also was found to contain electronic funds
transfer data for school districts and local
governments, as well as data on state welfare
recipients and on people who hadn't cashed
tax-refund or lottery checks.
I've put together the most salient lessons to be
learned from personal data loss incidents, and I've
organized them as a checklist; feel free to post it
prominently in your organization.
• Don't bring sensitive data home. The state of
Ohio's nightly data backup policy was two-pronged:
One copy stayed in the network administrator's
office, a second copy was to be stored off-site.
According to reports, the off-site part evolved into
the backup data going home with one of the IT
people, which eventually was delegated to one of the
interns. You know that old saying--don't bring your
work home with you? It applies here.
• Don't leave a storage device containing sensitive
personal data in your car. The same goes for
carrying it in your back pocket on the subway,
asking the person behind you in line to hold it
while you go to the bathroom, checking it into a
locker at the bus terminal, or leaving it on the
stool next to you in a bar.
• Don't delegate responsibility for sensitive data
to a 22-year-old college intern. "On its face, with
what we know today, this seems like a questionable
decision," the Columbus Dispatch quoted a spokesman
for the Ohio Department of Administrative Services.
I'm all for internships. However, when it comes to
data security, look for someone with a little more
skin in the game.
• Make sure your chief privacy officer knows his or
her job, and is actually doing it. Gov. Strickland
said: "The Chief Privacy Officer at the Office of
Information Technology will be responsible for
coordinating the implementation of improved data
security measures." That qualifies as closing the
barn door after the horses are gone.
• Encrypt, encrypt, encrypt! By middle school, most
kids today know their way around a keyboard and a
mouse, so don't assume that just because
"specialized knowledge and equipment" are needed to
read data off backup tapes, crooks can't figure it
out--especially if the files on those tapes aren't
encrypted, which these weren't.
Don’t let your organization become another
statistic. Learn the lessons of data protection now,
reap the benefits later.
---Source: John Soat (jsoat@cmp.com, or phone
516-562-5326) and Information Week Magazine (www.informationweek.com).