Unencrypted portable hard drives really are a problem!

It’s amazing how much discussion there is about how to secure information in the cloud when we are walking around with sensitive information on a portable hard drive, maybe even a USB stick!

There have been two recent cases of lost personal information: one involved information pertaining to Canadian students, and in the other, in April 2013, the Investment Industry Regulatory Organization (IIROC) admitted that the personal information of 52,000 clients from dozens of investment firms had equally been compromised.

Remember when the UK’s HM Revenue and Customs lost computer discs in 2007 containing the entire child benefit records, including the personal details of 25 million people, covering 7.25 million families overall? There are loads of reported cases and probably many more unreported!

OK, so how do we solve this? According to Daniel Horovitz, it is about security awareness and policies that are enforced. With this I concur completely. However, I am also thinking: what if no personal data was stored on any local device anywhere, and it was all web-enabled, private cloud, shared cloud? It would bring the BYOD movement closer, and surely it must be safer than a mobile HD? Clearly security awareness and policy enforcement are essential, but they still do not seem to be working. If they were, these incidents would not be happening.

Ireland’s Data Protection Commissioner report 2012

Thanks to Robert Streeter (uk.linkedin.com/in/robertstreeter/) for sharing this. It makes for some interesting reading on the number of DPA breaches and their nature, and also includes some case studies. If you skip over the first couple of sections, the interesting stuff starts at the ‘Complaints and Investigations’ section on Page 7 😉

Google’s ‘Policy Violation Checker’

OMG, I picked this article up on Janet Steinman’s feed in LinkedIn. So what Google are doing is patenting a technology that basically detects written policy violations, e.g. in an email message, even before it is completed. I am wondering if it could be likened to the Autocomplete function.

The article states that it will be like having a ‘big brother’ peeking over your shoulder when you write. But I am thinking that if it is similar to the ‘autocomplete’ or ‘spellcheck’ function, maybe it is just another useful function and maybe this article is making more of this than it really is?

However, if an organisation were to implement this, and they controlled the ‘policy violation checker’ from a central place, would this mean they could see if a policy had been violated? Could they control what employees write in the workplace context? Is this a bad thing? I’m still scratching my head over this one…