Jun 22, 2007 (08:06 PM EDT)
IT Confidential: A Checklist For Protecting Personal Data
Read the Original Article at InformationWeek
When will it end? Apparently, not until we learn the lessons of data protection. I'm referring to the continuing incidents of personal data loss: hacked data, stolen data, pretexted data, data thrown away in Dumpsters, data that falls off the back of delivery trucks, and data inadvertently--or advertently--published on Web sites where everyone and his brother can find it.
These incidents are becoming laughably commonplace, and the most recent is a real howler. On June 10, along with a $200 radar detector, a "computer backup device" was stolen out of the car of a college intern working for a state agency in Ohio. In a press release June 15, Gov. Ted Strickland said the device contained 338,634 files in 24,333 folders, which included the names and Social Security numbers of all 64,467 people employed by the state. The device also was found to contain electronic funds transfer data for school districts and local governments, as well as data on state welfare recipients and on people who hadn't cashed tax-refund or lottery checks.
I've put together the most salient lessons to be learned from this incident, and I've organized them as a checklist; feel free to tear out this page of the magazine, or print the list from the Web site, and post it prominently in your organization.
One last point. Gov. Strickland hired a local computer security company called Interhack to make recommendations regarding encryption and other policies. Is it really wise to hire a security company with the word "hack" in its name? I don't know, I'm just asking.
Is it really wise to tick off a computer security company? It's just a joke, guys, don't take it personally. Send me an industry tip or I'll take it personally, to email@example.com, or phone 516-562-5326.
To find out more about John Soat, please visit his page.