July 20, 2006

In America today, we are in the midst of a Privacy Meltdown. Personal information is flowing everywhere and there is a lot of it. Since the ChoicePoint theft of personal data in February 2005, the approximate number of *records* that have been compromised due to security breaches is 88,794,619[1].

With the Internet and advanced computer technologies, it’s now very easy to collect and aggregate large quantities of personal data. It can take almost any desired format or structure and can be stored or distributed, all without significant human thought. In the wrong hands, it can lead to identity theft and other forms of fraud against people and their companies.

Everyone is talking about the problem, but very few are offering solutions on ways to protect personal information belonging to other people. The state laws don’t provide much help beyond stating that you should use encryption. They’re just ensuring there’s a hammer when a loss occurs. Additionally, few organizations have the technology or processes in place right now to properly encrypt data outside of a database. (Remember, most losses are occurring on backup tapes, personal storage devices or laptop drives.)

So, what can you do? One short-term answer is user education. I know, it’s not perfect and you can’t force people to attend or even listen, but sometimes it’s the only thing you can do in the short term.

Here’s a list for end users instructing how they can help protect other people’s personal information when it’s in their care:

  1. Remember: Everyone needs to participate in protecting their own and others’ personal information.
  2. Know what personal information is, where it resides, and how you come into contact with it.
  3. Limit access to personal information to only those with a need to know. If someone doesn’t need to see the information, then their access should be blocked.
  4. Appropriately protect the data to keep others from seeing it. This can be through encryption, other scrambling methods, or a compression program such as WinZip with password protection.
  5. Ensure personal information (yours or others’) is not on a medium that can be easily lost or stolen. This could be on paper, on a portable hard drive (USB thumb drive) or other removable medium such as CDs or backup tapes. If it is, there should be controls in place for that medium.
  6. If you have a laptop, try not to store personal information on it and make sure it is protected from theft.
  7. Dispose of the data so it cannot be easily retrieved. This includes using the shred bins for paper products and destroying magnetic media and hard drives.

What other ideas do you have for solving this problem of a Privacy Meltdown? Send in a comment by clicking below.

By working together and helping each other, we all become stronger.

[1] According to the Privacy Rights Clearinghouse (http://www.privacyrights.org/index.htm)
About the Author Guest Blogger
