Another major data breach

Published 22 November 7 1:24 AM | William

Although this time the incompetence and sloppiness wasn't the Veterans Administration's. In each of the stories of this sort that I remember, the data turns up a few weeks later, is blamed on some small and innocent mistake and all kinds of assurances are given that no one actually saw the data. That line of crap is a lot easier to pull when you're talking about a password-protected laptop than an unencrypted, password-free CD, so they may have a little trouble trying to push the line that the data was never viewed by anyone.

This is going to be particularly bad b/c even if the original CD is recovered, who's to say it wasn't copied? Normally, I guess I'm cynical enough to really doubt assurances of the "No one saw anything sensitive" variety, but in this case, I couldn't believe such an excuse no matter how hard I tried.

I've been told before that 'common sense' largely depends on where you sit. Certain things, for instance, might be 'common sense' to a doctor that would never dawn on someone in another profession. And that's pretty much the line of argument I'm hearing from various commenters - to a layperson, encrypting data and password protecting it isn't necessarily common sense. Not working for the English Govt, I can't really say I know from personal experience, but my guess is that at some point in the day, when every one of the people involved came into work, they logged onto their computer. So it's hard to fathom them not at least appreciating the value of password protecting things. Even so, I don't think the 'layman' defense will work here. There have been too many high-profile data breaches, hacks, screw-ups, etc. to not know that personal data you're working with should be secured.

 

Again, I don't know what the English political climate is like right now, but if this were the US..... and it was a private company that did this... there'd be a bunch of crotchety old senators dragging the heads of the company up to Capitol Hill and making them testify under oath as to what happened. There would be a lot of finger wagging and Monday morning quarterbacking. But when the govt screws up, well, mistakes happen, no one is perfect and no harm no foul. If English politicians are anywhere near the headline whores that their US counterparts are, then they'd no doubt be flogging the daylights out of a private company if they were responsible. But they won't have a lot to say other than the obligatory condemnations. Screw-ups of this magnitude, affecting this many people, that could have been prevented so easily really shouldn't happen. You shouldn't have access to that sort of data unless you prove you know how to handle it and follow agreed-upon guidelines (we can argue about what 'know how to handle it' means all day, but at a minimum, I think we can all agree that it should be encrypted and password protected, that access to even export this information should be restricted to a small and accountable group of people, and that any packaging and delivery be recorded and tracked from start to finish).

Hopefully nothing comes of this and the CD turns up under a stack of papers in the mailroom or something. And hopefully the people responsible will be spending the holidays in the unemployment office.
