Here in the UK, 2008 will probably go down in history as the year that the general population realised that their data was being lost by... well, mainly by the Government.
The Open Rights Group (www.openrightsgroup.org) is an organisation here in the UK that:
The Open Rights Group exists to preserve and promote your rights in the digital age.
And by all accounts we need them!
This week they released a short web questionnaire that gives you an idea of how much of your personal data has been or could have been lost. It is quite scary, so if you are brave take a look over at http://www.openrightsgroup.org/dataloss
The accompanying blog post is interesting reading too: http://www.openrightsgroup.org/2008/12/ ... your-data/
Finally, you might also consider supporting them financially.
http://www.openrightsgroup.org/support-org/
For me the most annoying thing about all the data that is being lost is that most of it was preventable. Mainly (and I don't have all the facts of course), the problems seem to be caused by poor design. The fact that people were able to copy data to CDs and USB sticks is the issue, not that people did it.
As far as I am concerned, the "system" should not have allowed people to do things that would result in the data being lost. So for example the databases should only be able to export into encrypted formats. PCs in these places should perhaps have the USB ports removed/disconnected and no CD drives installed. At least they should have software installed to prevent the use of CD and USB drives.
But the databases and database-driven applications themselves should have prevented it as well. The client software should only be able to export to an encrypted format. The data inside the databases could/should have been encrypted.
The issue I suspect is that these organisations are trying to use the lowest bidder and there probably has not been enough informed leadership on the projects. So we end up with insecure systems being implemented that allow staff to innocently (or not) act in insecure ways like copying data onto a CD or USB stick.
I don't think we should blame the poor "grunt" who was told by some supervisor to "get this data to so and so". Nor should we probably blame the supervisor. We could blame the people saying that government departments need databases and to share data between departments quite so much. But most of all we should be blaming the project managers who implemented solutions that allowed insecure actions to occur.
There seems to be an approach of allowing sharing by default in these data loss situations, as opposed to the systems being designed to prevent any sharing by default.
As Britain accelerates towards ID cards and larger and larger databases about the general population, we can but hope that some of these projects start having better leadership and better, more secure design.






