The Informatica blog - Authored by Claudiu Popa

Are data breaches a matter of life and death?

Does anyone need to die because they have created embarrassing information breaches?

Security assessments are always interesting. I know; I do them all the time. You can never guess what you'll find when you're investigating a breach, and a federal agency recently found that to be true.

Human Resources and Skills Development Canada lost a USB key with personal information on some 5000 Canadians. As is the case with things you're looking for, those are precisely what you don't manage to find. While investigating the missing memory stick, the agency discovered the disappearance of an entire hard drive containing personal information on more than half a million student loan borrowers.

It's an embarrassing incident and the Human Resources Minister has 'expressed disappointment' even as the RCMP is 'assisting with the incident'. The federal Privacy Commissioner's Office is now investigating.

The complicated part, now that the agency's reputation has taken a direct hit, is that the personal information required to notify potential victims happens to be the very information that is most likely to have changed. While social insurance numbers, dates of birth and full names may remain the same, changes in address make it tricky to contact the victims whose lost records date back more than a decade. Individuals are invited to call a toll-free number to determine if they are affected.

Is it embarrassing for the HR Minister? You bet. But imagine you were one of the staffers whose lapse of awareness created the embarrassing mess in the first place.

In a situation loosely reminiscent of the nurse who recently took her own life after falling for a radio prank targeting the Duchess of Cambridge (http://bit.ly/X3heZ5), a former Ministry of Health employee was found dead this past week, after being investigated and fired over an internal privacy breach.

In another similar situation, a talented young man and ardent advocate for freedom of information has taken his own life after a long legal battle against allegations of hacking into an online repository that sold academic research papers with intent to distribute them for free. He was facing 35 years in jail and a one million dollar fine. Ironically, the site he hacked recently started distributing the papers for free.

Different situations that seem similar to me. Talented people facing an enormous degree of depression, anxiety and, indeed, the prospect of severe repercussions. A dedicated nurse and mother of two, a Canadian PhD student just days from completing his term, an Internet whiz kid known for co-creating the ubiquitous RSS feed mechanism that powers many Internet news feeds.

We've gotten really good at investigating security and privacy breaches. We have frameworks in place to point fingers at the guilty and impose punishments designed to act as a strong deterrent to script kiddies and other curious hackers. But if indeed this is what the evolution of intangible assets has come to, it is a sad reality. Even if other factors played a major part, the value of lost data is never equal to the loss of human life. However severe, the damage to an organization's reputation can never be worth the loss of dignity of a human being. Not if that person is led to feel that they only have a choice between watching powerlessly as their life is destroyed (by the media circus or a hard-charging legal process) or ending it before someone else has a chance to do so.

As for the damage to large organizations, TJX, Equifax, CIBC and dozens of other publicly traded companies repeatedly demonstrate that even the largest, most embarrassing breaches have little effect on stock prices. In the public sector, of the 80 (!) privacy breaches reported by Canadian federal agencies last year, a quarter were the responsibility of Human Resources and Skills Development.
