Not much time passes between reports of another authority, company or agency losing someone’s data. Spying or intelligence agencies nosing around your data is one thing, I’m referring to how people are losing our data the old fashioned way; laptop, train home, oops. Laptops, tablets and USB keys – all of them, appear to be dropping out of sight, and control at an alarming rate the world over. I know we live in the era of open data – but someone needs to explain that means sharing data, not leaving it in a pub toilet.
Last week I did a radio piece with Will Faulkner on Midlands Radio. Specifically we were looking at a report by Fiachra O’Cionnaith of The Examiner where following a Freedom of Information request, it was revealed that from January 2009 to Dec 2012, 69 devices owned or controlled by Ireland’s Health Service Executive (HSE) went missing, of which 61 of which have since been deemed stolen, this included 15 laptops presumed stolen in a single incident in the Midlands, in 2009. More than 50 had ‘sensitive’ data and, 20 were not encrypted. That’s a device lost or stolen, every three weeks.
Given the quote from Stephen McMahon above by I recalled a blog post I’d read a few years ago. So I got to browsing and found the excellent posts from 2008 & 2009 by John Lawlor of Trinity College in Dublin. John made the point contemporaneously that it was time everyone who was in control of:
personal private information, whether in the public or private sectors, took this issue seriously and started taking immediate, practical and effective steps to secure the data they store and control.
Alas, no-one acted on John’s good advice, which even went as far as including some pointers on encryption, from commercial to open-source and the practicalities around data-protection and security. Did anyone share blog posts then? Does anyone say “that makes sense, I’ll raise that at the monthly staff meeting – but I bet we have something in place already”; sad fact is, you don’t. Or if you do, no ones’ bothering to do what they should. Which is worse?
Using Cloud Computing to Build Next-Generation Government Services
In a previous post (regarding a private sector company, PA Consulting, who managed to lose data on thousands of criminals) John Lawlor referred to controlling access to internet storage sites as agency employees could create another vulnerability by using services like Gmail or Hotmail for storing data. Good advice at the time, and a there was indeed a trend for ‘send it to yourself’, at the time. The gigabtye (and counting…) of storage was new – and huge for its time. Five years on things have changed. Well, the technology landscape has changed, the indifference of employees entrusted with our data appears much the same. Cloud services have evolved radically, and it is now practical and safe to store confidential data using a cloud service.
I’m not suggesting that government agencies upload something like patient data to Dropbox or Skydrive; in fact commercial cloud services vary widely on how they treat our data, for example Skydrive and Apple explicitly reserve the right to scan your data, sometimes with embarassing consequences. as experienced by a German photographer. What I am suggesting is that as we talk up the opportunities of Cloud computing, as a job-creator and cost solver, we also use it to solve some data protection challenges. SpiderOak, a company I particularly like offer personal, business and enterprise cloud services whereby your data is encrypted before you upload to the cloud, so they don’t know what your storing with them. EMC run the clever and cost effective Mozypro, and Accellion offer FIPS 140-2 compliance services to stat authorities.
If you’ve got mobile devices with sensitive data, using Mobile Device Management software you can ensure important data is encrypted. If it’s stolen or lost the device can be wiped. And if you’re unsure whether it was stolen or lost or just where it is, by using a GPS boundary, you can ensure the device is wiped if it moves more than say, a mile from your office or 50 metres from an employees home. Waheed Qureshi the founder of Zenprise said to me last year, ‘people lose their tablets yes, but there’s no excuse for losing your data.’ Citrix and Good Technology amongst others, make this cost-effective, and more importantly, easy to do.
I’ve been a laptop user for more than a decade – and I’ve never lost one. Not one. I’ve never lost a tablet or a smartphone. Am I remarkably careful, security conscious and St Anthony is watching me? Maybe it’s just because I paid for them, myself. Cost = care. And care for our data, or it will cost, you and us.
External links & references
- Litany of HSE data breaches : Irish Examiner
- List of UK government data losses : WIkipedia
- Laptop Theft and Data Loss By Irish Healt
- h Service Executive : John Lawlor, 2009
- Microsoft & Skydrive uploads : WMPowerUser.com
- My secret crush on big data : redcert.com