Monday, August 18, 2008

Press Delete! – Data Security Breaches


In April this year it was reported that the HSBC banking group's offices in Southampton had lost a computer disc with the details of 370,000 customers.

The lost customers' details included their names, dates of birth, and their levels of insurance cover.

But you don’t need to lose a disk to have a security breach. Deleting data from old laptops and servers when they are disposed of is not as easy as it sounds; failure to do it right can create a window of opportunity for your confidential data to be retrieved and end up as tomorrow morning’s headlines.

It is important to have a specific data erasing procedure and get some help with the process to ensure your data is definitely deleted – it is not a matter of just pressing “delete”.

Bill Taylor-Mountford, general manager of Acronis, says: "Deleting data leaves a fingerprint, or a ghosted image. With the right tools, specialists can recover the data after it has been deleted. That's why some software-wiping algorithms use 35 passes to destroy data."

Milton Baar, director of IT Security consultants, and committee member representing Australia for ISO27001, the international standard for information security management, says this about Australian organisations: "They need corporate governance practices, which cover information security issues."

Inadvertent data security breaches are a big issue, and if you have an inadvertent data breach you may have to report it publicly to the authorities.
On 16 June the Office of the Privacy Commissioner closed submissions for the Draft Voluntary Information Security Breach Notification Guide.

Major enterprises including IBM Australia, National Australia Bank, Telstra Corporation Limited, Microsoft Australia, Suncorp-Metway Ltd and Unisys have made submissions.

The big government departments like Centrelink, the Department of Human Services, the Inspector General of Intelligence and Security and the Australian Tax Office have also weighed in.
