When you say (data leakage) it makes me feel (choose one: scared, angry…confused.)

Uncategorized Posted Mar 31, 2006 by metropolis

From CHEN PR Veep Kevin Kosh…

I’m sure we’ve all heard this “MadLibs-esque” phrase in seminars on appropriate business conduct, and while we all appreciate the need for education and awareness, phrases like that that have become a punch line in some cases as part of the backlash against overcompensation in political correctness – case in point is the popularity of NBC’s “The Office” that revels in its political incorrectness.

But railing against political correctness is a well worn path and not my point here, however, there seem to be events occurring in data security at the moment headed in a similar direction. There’s a very interesting story in eWEEK this week by Larry Dignan, titled “In Florida, Data Breach, Offshore Outsourcing, CYA Collide.” It covers a “data breach” of which the State of Florida threw up an alarm to 108,000 former and current employees regarding potential mishandling of their personal data. In describing the breach, Florida cites a subcontractor who sent information offshore, and also quickly states that it has “received no reports of identity theft as a result of the offshore work.” With 53 million consumers personal information compromised in the last 13 months, this is obviously no laughing matter, but the question is, is it a breach of protocol or a breach of trust? And to Larry’s point, putting the event in such close proximity to phrases like “identity theft,” creates a linkage that may be inappropriate and even alarmist.

Larry sums up the issue well. “The crime: Florida data was being sent offshore because its subcontractor had a subcontractor that went overseas.” He then goes on to say, “OK, so to this point all we know is that Florida can’t keep tabs on its vendors’ vendors. At last check, offshoring wasn’t illegal.”

There’s a lot to be worked out for sure from a data security and a regulatory standpoint to adequately protect and inform consumers, but in the meantime, this probably will be one of many alarms raised out of fear rather than reason.

And of course, years from now we can all look back on this and get a good laugh as some sitcom star jokes about SQL injection and cross site scripting attacks – oh the fun we’ll have. And if you can’t wait, there’s always those great CitiBank identity theft commercials that make identity theft funny.