Tuesday, January 22, 2008

People Who Hold Data Should Be Careful

When I worked on the data-tending side of the database equation, I was afraid every single day. No, I'm not mentally ill (well, I'm not paranoid, specifically). I just had a management environment that was fixated on the idea that data security was a big, important issue and should always be on our minds. We didn't do everything we should have, probably, but we made every effort to make things tight: encryption on hot stuff, one way encryption on hot stuff that was more easily accessed on the web, firewalls between the servers hosting web-available stuff and the servers hosting the in-house stuff, no data on laptops that were taken offsite, VPNs to connect, and so on.

I don't want to tell you too much, because then I'd have to kill you.

In any event, worrying non-stop about data security is a good idea. As Cory Doctorow notes on BoingBoing this morning, data breaches are really serious business, most significantly for the people whose data is breached.

So telecommuters, please don't make a local copy of the database on your laptop with "only a few" records. Please. Don't.

No comments: