A couple of weeks ago I blogged about the reported loss of personal data on a memory stick at PA Consulting. At the time, the Home Secretary unhesitatingly blamed PA for failing to process the data according to the terms of the agreement in place with them. The next step is reported today, as she has apparently cancelled the contract for the work PA were doing.
In one sense, I suppose it is commendable that data breaches are being taken seriously and that there are consequences when something goes wrong. On the other hand, there are some questions which the available reports leave unanswered...
For example, I have to wonder exactly how it became apparent that the data had been lost. Imagine you have been sent, say, a spreadsheet (NB - I have no information about what actually happened in the PA case... this is purely hypothetical), and you open it on your PC/laptop to work on it. You finish whatever it is you needed to do, and save the file.
I know in a lot of organisations, the default (and in some organisations the only) option would be that the file is saved on a server. In others the user would have the option of saving to disk or to removable media.
Now imagine you have saved the file to a USB stick, and you then delete the original (from email, server, temp file or wherever). Then you lose the stick. Hmm. Tricky. You might have to go back to the originator and admit that you've lost the file... and you would look a bit of a plonker.
On the other hand, imagine that the copy you wrote to the USB stick was only a backup... the original is still in your inbox as an email attachment, or on the server, or wherever. Under those circumstances, losing the USB stick, being aware that you had lost it, and owning up to having done so would look rather different. Indeed, it would suggest really quite good processes for tracking assets and for reporting their loss (despite the initial cock-up of losing the stick in question).
As I say, this is all entirely hypothetical. I have no idea which (if either) was the case at PA, where I bet some unfortunate people are having a pretty miserable time of it.



Four words: "Everyone Needs Trusted Extensions".
(see http://www.sun.com/software/solaris/ds/trusted_extensions.jsp)
Granted, not everyone knows it, yet... Glenn Faden's blog (http://blogs.sun.com/gfaden/) is a good place to let your brain get used to this (for many folk) novel way of thinking.
Posted by Dave Walker on September 10, 2008 at 09:41 PM GMT+00:00