A procurement specialist at the Interior Department's National Business Center reported a CD as missing, which triggered breach notifications to 7,500 federal employees. This was despite the contents of the CD being protected by data encryption. Why? I'm truly perplexed.
The CD was lost around May 26. Information contained in the disc "was used to support billings from the vendor" and "presumed to be lost in the center's secured, restricted-access area." It was encrypted and password-protected. So why the notifications?
The only reason for using encryption software is to protect information. Otherwise, why use it? I mean, it adds time to processes; means headaches if you forget the password; have to ensure the receiving party also has the password; etc... If encryption didn't do a good enough job, why would anyone willingly go through all of the above?
And yet, here we have a situation where an encrypted CD is lost, within a secure area, and people are notified. While I prefer people being notified of a breach than not, I also think that there is something to the idea of "data breach overexposure," where people don't pay as much notice once they're acclimated to something--anything.
I feel that, as long as there was adequate protection, a breach notification is neither necessary nor recommended. It's like mail from your bank: once you start getting what amounts to "junk mail" from your bank, you're also apt to ignore the important missives, such as bank statements and breach notification letters.
Again, puzzling: the business center has reviewed its processes and decided that in the future "this type of data is received only through secure network connections."
If they meant to do this, and the lost CD is the trigger for finally implementing it, I can understand. However, if they're doing it because they think it offers "better" security... well, does it?
The only way an encrypted CD poses a data risk is if weak encryption was used or if the loss was an inside job. The former is easily solved: don't use weak encryption. The latter... well, there is no real effective deterrent to the latter. But I should point out that a secure network connection is also fallible to an inside job.
In fact, when you think about it, the only reason a secure network connection is secure is because of encryption. Without additional details, it's kind of hard to tell, but it seems to me that changes were implemented for change's sake, without actually increasing security overall, which sounds as if it was good enough to begin with....
Related Articles and Sites: http://fcw.com/articles/2010/06/16/interior-loses-cd-with-personal-data-for-7500-federal-employees.aspx