Data security

Data security: is there a solution?

October 31st, 2008

With data still being lost all the time by public bodies and private companies, you know there’s something wrong. When we give our information out, especially to public bodies, we expect it to be kept safe. But it’s not: printouts are being left on trains, laptops are being lost, and CDs are being lost in the post.

There are laws stating that data should be kept secure and removed once no longer needed, but these aren’t always followed. Whose fault is this? Do we blame the law for being too confusing, do we blame the staff for not following the law, or do we blame the corporations and the government for not training the staff?

The fact is, whoever is to blame, the problem remains that USB sticks are still being left on trains and CDs are still being lost in the post. No matter what data security policies are in use, they don’t seem to be followed. After all, humans are humans: they will always be lazy and slip up, and this is where things go wrong.

But how do we fix this? I’ve always believed that if somebody does something wrong on a computer, it’s not the fault of the user but of the software for letting them do it in the first place (or not making it clear enough that this is the wrong thing to do). Sounds confusing, but bear with me.

How is it possible to put all this data on USB sticks and CDs in the first place? Who would ever need to get access to all of this anyway? The National Audit Office only needed a small amount of the child benefit database: personal details weren’t needed and so the data could be anonymous. But the whole lot was sent anyway because it would cost too much to extract that small amount. The questions that should be asked are “Why was this person able to do this?” and “Why did it cost so much anyway?”. The lesson that should be learnt is to improve the database to stop these accidents from happening again, not to toughen policies.

But then again, maybe I’ve got it all wrong. Should we be tightening data protection policies instead? Maybe bigger fines for those companies that don’t follow them: after all, companies would try harder to keep their data safe if they knew it would be financially damaging otherwise… or would they?

I guess data security is going to be one of those debates that will be with us for a while. Perhaps there’s just no easy answer, and the current government are doing the best they can. What do you guys think? How would you make data more secure? Who do you think is to blame?