|
The news today is replete with articles related to possible violations of privacy. The Chicago Sun Times reported on January 5, 2006 that “The Chicago Police Department is warning officers their cell phone records are available to anyone -- for a price. Dozens of online services are selling lists of cell phone calls, raising security concerns among law enforcement and privacy experts.”
The article continued, “Criminals can use such records to expose a government informant who regularly calls a law enforcement official. Suspicious spouses can see if their husband or wife is calling a certain someone a bit too often. And employers can check whether a worker is regularly calling a psychologist -- or a competing company.”
If anyone reading this column is alarmed at this news, allow me to create even more concern for you: The time is fast approaching where every facet of your private life will become available for a price to anyone with the cash and desire to obtain such data. Think of what has already been regularly violated that used to be private information: credit ratings, credit card purchases, credit card holder data, social security information, driver’s records, and medical records including history, insurance, physicians, and pharmaceuticals. And DNA analysis made its debut in 2005; your own DNA analysis is available to you for a price. Do you think this will ever fall into the hands of insurance companies?
Many individuals consider privacy and security as a single issue and discuss them as though a violation of privacy, in and of itself, constitutes a security breach. Nothing could be further from the truth.
When considering the Chicago Sun Times article again, it was reported that “some online services might be skirting the law to obtain these phone lists” and “in some cases, telephone company insiders secretly sell customers' phone call lists to online brokers, despite strict telephone company rules against such deals.” Insider threat is pervasive in many organizations, and is a potential threat in every organization.
What data does your organization (or department) possess, that if compromised or stolen, would result in harm to your employees, stockholders, clients, or worse? If anyone who is ultimately responsible for their organization’s custodial safekeeping of its data does not know the answer to that question, then they are the wrong person in that position. If that same “responsible party” has not taken steps to protect against insider threat, then they are negligent in performing their basic responsibilities.
The rate of change, the acceleration of technology, and the pervasive nature of developing methodologies whose goal is to mine all data of strategic or financial importance ensures that both privacy and cyber security will be under constant attack. The rate of success in obtaining such critical information is rapidly accelerating.
At the risk of being redundant, there is a solution at hand. This solution can protect all important data from anyone and everyone. You can maintain absolute control over every data element at all times. Further, you may log every access to any data element for future audit.
There is no need to suffer the present vulnerabilities experienced by virtually every organization imaginable. Software exists and is actively being developed that could prevent any classified or sensitive data from being compromised. Why are so few organizations preparing themselves for such a capability? What must happen before this important topic becomes more than rhetoric?
A recently-convened blue ribbon government panel announced last month that the government should be looking seriously at logging as a means to detect anomalies in data usage and to act as a safeguard to prevent improper use of data by those with immediate access. Now this recommendation will be studied for an indefinite time period, while our most important information continues to be compromised.
If individual privacy really matters and if the protection against unwarranted or illegal use of data is as important as it would seem, then the time has arrived for real action to be taken.
About the Author
Ronald I. Koenig is the president and Chief Executive Officer of VIACK Corp. He has more than 40 years of software design, development, sales and senior management expertise.
Go Back
|
