New Zealand's privacy commissioner has released her annual report and has highlighted the need for better data security across government departments, possibly including the use of hard disk encryption software. Among her findings is that 95% of government agencies allowed the use of external, portable storage devices, and that 66% of them authorized the use of personal ones as well.
There were 806 complaints filed this year, an increase of 22% over 2008. After much investigation, the commissioner was, "forced to the conclusion that personal information about New Zealanders is not being treated with the same care and respect as other sorts of 'classified' or 'sensitive' information." I...don't know why this is surprising. I mean, can you imagine any reason why personal information ought to be protected to the degree reserved for state secrets? Oops, here's why: Examples of the most high-profile cases of lost data include Housing NZ documents mistakenly sent with eviction notices revealing the address of a senior manager to gang members and forcing her to leave her home under police protection. Granted, it's an extreme case; however, the above shows how badly things can devolve from revealing something as simple and common as a name and address (available in the white pages in most countries. Yes, I'm talking about a phone directory. Like I said, it's an extreme case). I don't think I need to point out how even more sensitive data is used for carrying out identity theft, quite successfully.
There were 806 complaints filed this year, an increase of 22% over 2008. After much investigation, the commissioner was,
"forced to the conclusion that personal information about New Zealanders is not being treated with the same care and respect as other sorts of 'classified' or 'sensitive' information."
I...don't know why this is surprising. I mean, can you imagine any reason why personal information ought to be protected to the degree reserved for state secrets? Oops, here's why:
Examples of the most high-profile cases of lost data include Housing NZ documents mistakenly sent with eviction notices revealing the address of a senior manager to gang members and forcing her to leave her home under police protection.
Granted, it's an extreme case; however, the above shows how badly things can devolve from revealing something as simple and common as a name and address (available in the white pages in most countries. Yes, I'm talking about a phone directory. Like I said, it's an extreme case). I don't think I need to point out how even more sensitive data is used for carrying out identity theft, quite successfully.
Is the fear of losing portable devices with sensitive data a real possibility? Of course it is. Can something be done about it? The answer is yes. You can opt to disallow the use of such devices or you can protect the data in them. USB port control software allows one to block certain devices from communicating with a computer when plugged into the USB port. An administrator (be it the enduser or some IT guy) can cripple the port itself, ensuring that even mice won't work. Or, a "policy" can be created so certain categories of devices are unable to connect with the computer, while other devices are allowed--ensuring that the mouse works, but not the external hard drive. Such policies can even be customized on a person to person basis, so Charlie can still use his USB flashdrive at his computer but Bob cannot. If there is a legitimate reason for using portable data storage devices, a better solution over port blocking and control may be encryption software. Encrypting one's data with security software like AlertBoot would ensure data integrity.
Is the fear of losing portable devices with sensitive data a real possibility? Of course it is. Can something be done about it?
The answer is yes. You can opt to disallow the use of such devices or you can protect the data in them.
USB port control software allows one to block certain devices from communicating with a computer when plugged into the USB port. An administrator (be it the enduser or some IT guy) can cripple the port itself, ensuring that even mice won't work.
Or, a "policy" can be created so certain categories of devices are unable to connect with the computer, while other devices are allowed--ensuring that the mouse works, but not the external hard drive. Such policies can even be customized on a person to person basis, so Charlie can still use his USB flashdrive at his computer but Bob cannot.
If there is a legitimate reason for using portable data storage devices, a better solution over port blocking and control may be encryption software. Encrypting one's data with security software like AlertBoot would ensure data integrity.
Related Articles and Sites:http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10612922