2015-06-18

Data breaches illustrate that we need privacy

The US Office of Personnel Management (OPM) has been the victim of a dramatic data breach over the past several months, in which personal details of millions of people have been lost to, presumably, an unfriendly foreign power. This includes advanced security clearance forms of 127 pages (each) in which people divulge very personal information about their past and present bongs, liaisons etc. It also provides details of family relationships of people working in very sensitive (or secret) capacities.

That this happened at one of the most well resourced organisations on earth is striking but anyone even casually familiar with IT policies and procedures at large institutions might not be very surprised. If our personal data are stored by a large number of institutions, some or most of them careless and incompetent, sooner or later breaches will take place. I have a strong feeling that eventually the public will realize that it (and the general order) are under threat from this.

My first response was to think that personal data should simply not be available online and that businesses and governments should store their data offline, preferably in files in long hand. However, the genie is out of the bottle and any information that BigCorp or GovDept have can relatively easily be digitised and placed online. The better solution is to simply stop providing superfluous data to all the entities that currently ask for it. We need to provide far less data than we did 30 years ago!

Take your gym, for example. Their operational need is really for a proof that you paid the fee and some way (e.g. a photo) to ensure that two or more people do not use the same membership. At most, an emergency contact number might be included. They actually do not even need to know (and store) your name. I am looking forward to the start of a revolt against the personal information form...



OPM head blames old security, lax practices for cybersecurity breaches
http://rt.com/usa/267673-house-hearing-opm-security-breaches/

OPM's archaic IT infrastructure opened door for massive data breach
http://www.federalnewsradio.com/520/3876868/OPMs-archaic-IT-infrastructure-opened-door-for-massive-data-breach

Massive data breach followed 'long history' of failed IT systems at OPM
http://www.washingtonexaminer.com/massive-data-breach-followed-long-history-of-failed-it-systems-at-opm/article/2566338

Sex, lies and debt potentially exposed by major data hack
http://www.theage.com.au/it-pro/security-it/sex-lies-and-debt-potentially-exposed-by-major-data-hack-20150615-ghokkp.html