Data breaches

From Blindside

What is it

When businesses or government gather huge amounts of personal data in a single system without adequate procedures, they invite the possibility of massive data loss. Somehow, despite all the best efforts of IT security professionals, these breaches have emerged and continue to happen on a vast scale.

Impact & Maturity assessment

[See definition of levels]

We assign this an Impact Level of 3, our highest level, based on the frequency of such data breaches, mostly due to human error. We assign this a Maturity Level of 1, as the ease of breaching data systems through internal access or by human error is not likely to be addressed at the same rate as building defences against the much smaller threat of 'stranger danger.'

Information Assurance issues

Data breaches allow crimes of impersonation and undermine public confidence in large online systems.

Some, such as Ross Anderson, argue that the UK needs its own data breach disclosure law.

Timescale

This problem is chronic now, and it's not clear whether measures are in place to mitigate it in the immediate future.

Examples

The 2003 California law requiring disclosure of data breaches started to reveal the scale of this problem in the US. Now 30 states have such laws - see chart. The US law can also reveal knock-on effects on UK data subjects, such as in the TK Maxx case, which affected US, UK, Irish and Puerto Rican customers.

Privacy Rights Clearinghouse keeps a list of known data breaches since ChoicePoint (running at 104m records as at March 2007).

UK public sector examples include the MTAS junior doctor jobs website - BBC report

Private investigators fined for "blagging" information from DWP

A quarter of data breaches affect the public sector, according to the Symantec Threat Report

Comments (attributed)

What people say about this emerging technology (attributed)

Organisations

Groups which have a particular contribution or point of view about this emerging technology, eg tech businesses, user organisations or advocacy groups

Documents & research papers

See also eg Richard Stiennon piece That's a lot of credit cards

US Agriculture Department databases leak of tens of thousands of social security numbers New York Times

Experts (academic, practitioner)

Links to academic experts or expert practitioners and commentators on this emerging technology

Blindside wiki is the place to collect issues and opinions on future technologies that may have implications for information assurance. Opinions are fine, but need to be clearly shown as such, and referenced to the person or people who hold those views.