Why, oh why, oh why, oh why …
Posted by Mark on Sep 23, 2008
Another day, another “data has been lost on a USB stick/laptop/CD* (*delete as applicable)” story. What is going on? Is this an inevitable result of technology moving forwards?
I think not; rather, it is a sign of systems that are out of control, with no responsibility being taken for the consequences of incompetence.
How many million names and addresses were on the CDs that vanished in the internal post, where the data had not had the bits criminals might find useful removed because of the cost? Well, let’s look more closely at this story.
First, what cost? How much does it cost to create a database report that contains only the required fields? Answer – practically nothing. So why was all of the data transferred? Probably a combination of carelessness and incompetence.
Second, why CD? Most of us have had broadband for more than a couple of years, and the average 9-year-old could download a movie in less time than the internal post takes to move a package between civil service departments. Perhaps we should put a 9-year-old in charge of data management; I suspect it would have arrived.
Third, why internal post? Answer – laziness. Having committed the sins of not sanitizing the data and then electing for an archaic means of transferring it, at least a man on a motorbike could have been used, so that the data would have been signed for and it would have been known where it had got to.
Finally, not encrypted? Politicians talk about data being “protected by a password” and make it sound almost like the data is hidden behind a word written using large type. This just shows a lack of understanding. A password does not do anything by itself; I can read most tape backups that have password protection just by bypassing it. What is needed is encryption. If the data is suitably encrypted AND the decryption password is complex enough, then not even data recovery experts will break it.
This is all simple stuff: don’t transfer data that is not needed, and do it using secure and monitored means. But we continue letting the lame of brain loose about the country so that top secret files can be left on trains, secret data can be stolen by breaking into a car and nicking a laptop, and it feels as if the people at the top would have our personal data sent by carrier pigeon if that meant they could avoid going to any effort and taking any care.
What is the answer? Apply some sensible standards, enforce them, and sack a few people who just take the mickey, and their bosses for letting them. Inability to pay the mortgage focuses most of our minds.






