Thursday, January 03, 2008

Data Loss, the tip of the Iceberg

The 25 million names business, the Driving test candidate records lost by Pearson, the recent data loss by Norwich Union. All of these have been highly public losses of large quantities of personal data. I would venture that these are just the tip of the data iceberg.

The reason these stories came into the public eye is because the data loss was detected, for whatever reason. What most people fail to realise is that this kind of data theft could occur without it even being known about.

Consider this: 25 million names, addresses and accompanying bank details were held on 2 CDs. This is a total of 1400 megabytes (MB) of storage space. The Micro SD card I use to hold MP3s on my phone is 2GB (2000 MB) in size. To put it bluntly, a device I can pick up from any high street electrical store for under £20.00 is easily capable of holding the personal data of 25 million people.

Now consider the links in the chain where the data could be stolen: most companies have an IT department; programmers and senior support staff are likely to have access to customer data, and sometimes more junior staff will also have access.

Additionally, companies take regular backups of this data. This data may be stored on site, but for many companies this data is their lifeblood and is likely to be kept on a separate site in case of such incidents as fire. Data could also be stolen at this point.

Companies with websites are vulnerable to hacking through the website; a small company may not even have the mechanisms in place to detect an attack, let alone prevent it.

Finally, consider who has your personal data: Your bank, your electricity company, your gas company, your phone company, online stores, numerous government agencies; it's a long list of people who could potentially mess up.

In conclusion, there are a large number of opportunities for potential data loss. Loss of name and address data is not all that problematic; marketing companies have legally bought and sold this data for many years without problems. Financial data is more problematic; I'll explain why in my next post.

Wednesday, January 02, 2008

We just think it's bad because we've read 1984...

A friend of mine who, for his sins, supports the Lib Dems recently said to me "I oppose ID cards on principle". Henry Porter, self-appointed defender of civil liberties, also acts as if his arguments are based on some fundamental principle that the government is violating.

I take objection to the idea that you can oppose ID cards on principle.

In order to object to something on principle, there needs to be a clear rule that is broken. There really doesn't seem to be a clear rule that the government's ID card system violates.

In truth, the argument against ID cards is a simple slippery slope argument. There is nothing unprecedented or fundamental about it; people who use those terms are simply trying to mislead, and that, ladies and gents, is the root of my dislike for Henry Porter.