Over 6000 Driving licence details this time
The exact number of medical staff affected is not yet known
Thousands of staff have had their personal details leaked after a Merseyside health care trust "accidentally" sent them out.
The world's gone mad lately
I find it difficult to believe that occurrences like this are a new phenomenon so, if five disks (it may be more) have gone astray within the last month, how many were lost in the previous months - with the loss being kept secret from us?
I think a record of lost discs was put onto a disc, but it was lost.
Ah yes, but how would you know?
Given it would be somewhat embarrassing, I bet it would be encrypted!!!!!
on these CDs, but that was probably just good luck.
These security breaches do seem to be happening more often, or perhaps it's just that we hear about them now, whereas in the past they may have been kept quiet. Either way, it's a concern, and must be stopped.
You don't need to be a genius to devise a data security policy which fails safe, and prevents any personal information from being at risk - it's a matter of thinking about the ways that data might leak from your databases and sealing them off, one by one. The key, or at least one of the most important keys, is to limit the number of people who are authorised to copy databases, or extracts from databases, and that's usually not too difficult. Next, you limit the number of people within an organisation who are authorised to request extracts from databases, so you plug the potential leak from both ends - the requester and the provider must both be senior people, or senior people must sign off requests from subordinate colleagues.
The important thing is to establish a method of creating audit trails, so at any given moment you can snapshot your data movement situation - you (and by 'you' I mean the person or people who manage the business) must be able to know when data moves - both within an organisation and outside it. If data disks are entrusted to third-party carriers and the information on the disks is sensitive in any way they must be moved on a 'hand to hand' basis - a courier must personally receive the disks, sign for them, and hand them personally to a named individual at the destination point. That individual signs to say the disk(s) arrived, and assumes total responsibility from that point.
It works, but it must be carefully set up in the beginning - and there must be no variation from the policy, ever, under any circumstances.
Like €dstowe I too find myself wondering what else has gone missing that we've not found out about.
I find it hard to believe that everything has been secure and nothing has got lost for years and all of a sudden things are going missing left right and centre.
Clearly they have either no real knowledge of security or have been bypassing the system that is there.
It doesn't take a security genius to work out that some things you should not do. They obviously have no one working there with some common sense.
I was lucky enough to be at the top of my particular but little tree when working. IT was handled very carefully in terms of access, read/write/alter authorities and copy authorities. It is not rocket science but rather the application of simple risk evaluation.
And no, I did not have full authority for everything, I did not grant it to myself because I did not know or understand enough about the workings of all the systems.
Frankly, I'm both saddened and amazed at some of the basic lack of risk assessment in senior Government Depts.
The information would easily allow cloning of a vehicle with the knowledge that any such act could be tailored to the area in which the vehicle is normally used. Further, duplicate 'genuine' documents may be obtained with these details re-registering the subject vehicle as if the owner had moved house.
I think that makes it 'sensitive' enough. After all a vehicle may be quite valuable in monetary terms.
Your data security policy setup is how it should be, but are you seriously suggesting that this government would understand a word of your proposed security policy?