Newfoundland data take out

It never rains, but it pours. Another data loss story has broken closer to home… well, Newfoundland is not that close but too close for comfort:

It seems that a “private sector consultant” on a provincial government contract (not unlike The Portable Consultant, in fact) took a government PC home and may have exposed personal data to the public Internet.

The initial reports are technically vague, but the reports of the incident seem to point to a situation that is wrong on so many levels that it’s enough to make me want to tear my hair out… umm… so to speak.

Government PCs should never be taken home… or even invited to drinks and a dinner! What may be a properly behaved PC in a government cubicle becomes a rogue “unmanaged system” when it is removed from the safety of its usual firewalls.

Production data covered by privacy restrictions probably has no reason to be on a PC in the first place. Such data should probably be locked up in encrypted databases on secure servers and only accessed via secure methods.

The consultant should probably have been working with dummy data. In any case, they should be reading Privacy for Dummies and writing a short quiz before they are allowed near restricted data.

The story has a bizarre twist with a so-called “representative of a security company” contacting the consultant to tell them that they were “in possession” of some of the patient records. Since when would anyone in security actually download such data if they came across it? Sounds a bit weird.

Unfortunately, the news media often don’t have enough resources with the expertise to ask the right questions when a story like this breaks.

Perhaps it’s enough to know that it appears to have been the result of not one, but many lapses of security policies.

Cheers,
-pmh

UK data loss case – “Penny wise and pound foolish”

Cost cutting is being blamed for the loss of massive amounts of personal data in this widely-reported UK government data loss case.

The Portable Consultant knows of at least one excellent free open source data encryption tool that could have protected the data.

How very, very sad for all those concerned.

The protection of data where privacy and security issues are involved should never be subject to cost cutting considerations in this manner. The public good demands an informed threat/risk assessment process conducted by professionals who understand the risks and the real costs of such data loss.

An example of the true meaning of the English expression “Penny wise and Pound foolish”.

-pmh

Virtual work at Sun Microsystems is a Wonderland

It was the spring of 2006 when The Portable Consultant first posted comments here about Second Life’s virtual world.

That was a playground (umm… for adults, you know – like Vegas).

Now we can go to work in a similar environment.

Sun has recently set up a virtual world for its teleworkers, very much like Second Life.

…and they appear to be giving it away as open source.

Now, I’m sure you will want to think very carefully about the design, and clothing, of your workplace avatar!

Cheers,
-pmh