Who is Responsible for the Data Loss?
By Moshe Zeidman in Reader
Posted in SME, Risk Management, Security on December 2, 2007 at 8:55 pm
“I’d like to make a withdrawal, please.”
“Certainly, Sir. How much would you like to take out today?”
“Oh, £25 million should do.”
If I walked into a bank and made such a request (wake up Moshe) I would expect to see more than just the branch manager, his senior, and probably one other, sign, countersign, and counter-counter-sign such a transaction. Such seems not to have been the case with 25 million personal records.
The blogs still haven’t stopped buzzing with the news that 25 million government records copied to CD were “lost in the post”. At least we know that there is one identity that still remains secure. The government reported the failure within its ranks was due to a “junior IT official”, and at least his identity currently remains unknown. No doubt the tabloids are in hot pursuit.
It is as if knowing the name of the person responsible for this grievous mistake will pacify us and help us move on. We will probably not find out, and in truth it does not matter. Substitute “junior IT official” with “the guy responsible from my department”, or better still, “Mr Everyman”. We all need the wake-up call.
I can’t claim any special insider knowledge of this event, but readers of this blog will note a submission (actually written two weeks ago) where we argued the importance of end user training within security and risk management. Whatever the data transfer policy was within Her Majesty’s Revenue and Customs is likely irrelevant. The request for such a large amount of data should have set alarm bells ringing for Mr Anonymous and also his line managers.
I do not wish to cover material so ably discussed elsewhere, but it is interesting to note the reaction of anger and horror within the press and beyond, that an event like this could occur with such important data from within the heart of government. This response is quite understandable and reasonable, but it does hide the lessons we should take to heart within our own sphere of influence. Could something like this occur, albeit not on the same scale, within our own business, club, or organisation? Rather than seeking out the identity of the “junior IT official”, let’s use this as an opportunity to ensure we would not fall foul of such a scenario ourselves.
Comment by Guy Vegoda - December 6, 2007 on 12:26 pm
Moshe makes a good point. At my organisation, by and large, all the IT kit works fine, but the users often don’t have the skills or knowledge of procedure to use it properly. If other people’s organisations are anything like ours, lack of training - both in terms of IT skills and in terms of basic procedures - has got to be one of the most ubiquitous and perennial problems facing the industry.
Hats off to Moshe for making the point - but what next? How do we tackle the issue? How do we enforce policy?


