Belfast Branch

What's New


Why the government lost your data

Tuesday 1 January 2008

Underlying the recent IT security disasters, in which the government lost citizens' data, are a few glaring lapses in basic security practice. How widespread are these dangerous practices? And do they happen in your organisation?


The Data Protection Act (and that increasingly rare factor, common sense) requires that personal data be made available only to those who need it. So why did the names and banking details of every family in the UK with children, along with the names and addresses of many drivers in Northern Ireland, go missing?

There are several issues. In the first case, the amount of data extracted and transmitted was hugely disproportionate to the stated need - it was supposed to be for an audit. Good security requires that you don't expose data unnecessarily, so only an appropriately sized subset should have been requested (or granted - the data owners cannot claim that security is not their responsibility). That means only the records that are absolutely necessary (not everyone's), and within those only the fields that are required.

It's not even clear that the data had to be extracted and transmitted at all. Audits of personal data can be carried out by having the auditor move to the data. Sometimes the mountain is not supposed to go to Mohammed! If secure access for such users can be arranged for the necessary time (and that's a topic in itself), then the risk of data transmission can be avoided. There is a tradeoff of two risks here - of granting access to an additional user, versus exporting data. But the issue should at least be considered.

And if the data absolutely has to be transmitted, then it should be sent securely. That may or may not mean burning disks and sending them; it could instead mean secure electronic transmission.

Whatever the transmission method, it must be appropriately secure considering the value of the data involved - risk assessment is required here. There may be existing organisational policies for how confidential, personal, or in confidence data must be handled, and how its release is authorised. If not, there certainly should be!

If physical transmission of storage media is chosen, there should be traceability (a tracked, signed-for delivery), so you can tell as quickly as possible if the data has gone missing, and encryption, so that if it does go missing it is of no use to anyone who finds or steals it.

Encryption does not mean an Excel or zip file with a password - the legacy password protection on those formats is trivial to break. A properly audited, standard method should be chosen to encrypt the file, and the key or passphrase should travel by a separate route from the data. There are even open source tools that do this with no licensing costs, so there is no excuse for failing to do it. Besides - the data must have some value, right? Some cost, if it is lost?
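The three points made so far (extract only the records and fields the audit needs, encrypt anything that travels on removable media, and use a properly audited method rather than a spreadsheet or zip password) can be shown together in working code. What follows is an added example written for this page, not code from the article or from any government system. The record layout, the audit's requirement (payment counts only, for a sample of claimants), the sample data and the assumption that the key reaches the recipient by a separate channel are all invented for illustration. It uses AES-256-GCM from the Go standard library because that mode authenticates as well as encrypts: a lost disk reads as random bytes, and a modified one fails to decrypt instead of quietly yielding altered data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Record is a constructed stand-in for one row of a benefits database;
// the banking fields are exactly what an audit of payment counts never needs.
type Record struct {
	Name, Address, SortCode, AccountNo string
	Payments                           int
}

// AuditRow is the minimal projection: only what the hypothetical audit asked for.
type AuditRow struct {
	Name     string `json:"name"`
	Payments int    `json:"payments"`
}

// SampleRecords is constructed sample data; none of it is real.
var SampleRecords = []Record{
	{"A. Smith", "1 High St", "12-34-56", "00000001", 3},
	{"B. Jones", "2 Low Rd", "65-43-21", "00000002", 1},
	{"C. Brown", "3 Mid Ave", "11-22-33", "00000003", 2},
}

// Extract limits the data at the point of extraction: only the records the
// selector admits (the sample the auditor asked for), only the needed fields.
func Extract(all []Record, want func(Record) bool) []AuditRow {
	var rows []AuditRow
	for _, r := range all {
		if want(r) {
			rows = append(rows, AuditRow{Name: r.Name, Payments: r.Payments})
		}
	}
	return rows
}

// NewKey makes a random 256-bit key. Assumption: it reaches the recipient by
// a separate channel, never on the same disk or in the same email as the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext with AES-256-GCM.
// Output layout: nonce || ciphertext || tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. A wrong key or any change to nonce, ciphertext or tag
// makes it fail: a lost disk is unreadable and tampering is visible.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed data too short")
}

// SealExtract is the whole pipeline: minimise, serialise, encrypt.
func SealExtract(key []byte, all []Record, want func(Record) bool) ([]byte, error) {
	plain, err := json.Marshal(Extract(all, want))
	if err != nil {
		return nil, err
	}
	return Seal(key, plain)
}

func main() {
	key, _ := NewKey()
	sealed, _ := SealExtract(key, SampleRecords, func(r Record) bool { return r.Payments >= 2 })
	plain, err := Open(key, sealed)
	fmt.Println(string(plain), err)
	sealed[len(sealed)-1] ^= 1 // a corrupted or altered disk: Open must now fail
	_, err = Open(key, sealed)
	fmt.Println(err)
}
```

The point of the example is the order of operations: the minimisation happens before anything is written out, so the banking fields never exist in the extract at all, and the encryption is authenticated, so the recipient learns of corruption or tampering rather than silently processing bad data. In practice an established tool such as GnuPG would replace the hand-written Seal and Open, and the real difficulty is the key handling that the example only assumes.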

Similar issues apply if the data is transmitted electronically. You don't just email a spreadsheet - especially not from a system that is not supposed to be directly connected to the internet. Plain File Transfer Protocol (FTP) provides no security against eavesdropping: credentials and data cross the network in the clear. You need to be confident that you are delivering the data to the correct recipient and not to a "man in the middle", which means the far end must be authenticated, not just the link encrypted. And again, the data itself should be securely encrypted.

Accidents happen - but if risks are assessed, sensible policies implemented and followed, and proper precautions taken, then the amount of data exposed can be reduced, and the damage done by interception can be minimised - or avoided.

- Paul Dundas
