7M families' personal data mislaid by government.

At Tech-ed IT Forum I went to watch a couple of Steve Riley's sessions. He's quite the showman, but I'd never been to watch him in action - I found he got me to think about stuff I already knew in a new way.

One question he threw out to the audience: "How many of you say e-mail is so important that it can only be accessed from a managed corporate PC on the corporate network? i.e. you forbid mobile devices, access from kiosks, from home, from the airport" {I'm going to call this model A}. One person put their hand up. "And how many of you say e-mail is so important that it must be accessible from anywhere, using devices, kiosk PCs, public wireless etc?" {We'll call this model B}. Most hands went up. "Why," he asked, "does that only apply to e-mail?" Steve's not alone in thinking about the trade-off between being secure (saying "no" to everything) and getting stuff done (saying "yes" to anything), and questions of acceptable risk. I may expand on some of these ideas when I'm talking about Terminal Services at next week's road-show.

The other thing Steve talked about was the threats to data, and three axes for classifying it. The first axis was confidentiality (from public information, through boring internal information and commercially confidential information, to private personal information); the second was retention (regulated data kept long term, historical business data kept medium term, through to transient data); and the third was recovery (segmented into business critical, urgent and non-urgent).

I've thought about one of Steve's points before, but as I said he got me thinking about it in a new way. I've long known that we look at three dimensions of protecting data: it has to be available (it's no good if we can't get to it), it has to be correct (corrupt data is useless), and we have to guard its confidentiality. We rely on preventing access (the "Model A" approach) to enforce confidentiality by controlling possession. But we're living more and more in a "Model B" world, where possession is outside our control. What happens when the company's secrets are on laptops or shared with partner companies? In the end the protection must be on the thing you are trying to protect. That means, among other things, protecting documents with Rights Management and hard disks with BitLocker (or equivalent technologies). These deal with data "at rest", as Steve puts it. Other technologies (like SSL, or S/MIME encryption of mail) protect documents "in flight".
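The point that protection has to travel with the data itself can be made concrete. What follows is an added example, not the post's own code and not any Microsoft product: it seals a constructed extract with AES-256-GCM from the Go standard library before it would ever be written to a disk, so a lost disk yields nothing without the key, and any alteration or re-labelling of the blob is rejected when it is opened. The function names, the label string and the sample rows are assumptions made for this example.

```go
// Added example (not the blog's own code): protecting a data extract "at rest"
// with authenticated encryption, so that a lost disk reveals nothing and a
// tampered disk is detected. Only the Go standard library is used.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// sampleExtract is a constructed stand-in for the kind of file that gets
// sent on a disk: fabricated rows, not real records.
const sampleExtract = `name,address,dob,ni_number,sort_code,account
A Person,1 Example St,1970-01-01,QQ123456C,00-00-00,00000000
B Person,2 Example St,1980-02-02,QQ654321C,00-00-00,11111111
`

// newKey generates a fresh 256-bit key. In practice it comes from a
// key-management system and never travels with the disk.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealExtract encrypts plaintext under key with AES-256-GCM. label is bound
// into the authentication tag as associated data, so a blob cannot be quietly
// presented as a different, less sensitive export.
// On-disk layout: nonce || ciphertext || tag.
func sealExtract(key, plaintext, label []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce, giving the on-disk blob.
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// openExtract reverses sealExtract. A wrong key, a changed byte or a
// mismatched label fails authentication and returns an error rather than
// garbage: that is the "correct" dimension from the post, not just the
// confidentiality one.
func openExtract(key, blob, label []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, label)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	label := []byte("child-benefit-extract:constructed") // assumed label
	blob, err := sealExtract(key, []byte(sampleExtract), label)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d plaintext bytes into a %d-byte blob\n", len(sampleExtract), len(blob))

	// A lost disk: without the key the blob is random-looking bytes.
	// A tampered disk: flip one bit and opening fails loudly.
	blob[len(blob)-1] ^= 0x01
	if _, err := openExtract(key, blob, label); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
}
```

The label is the part people tend to leave out: without it an encrypted file is still confidential, but nothing ties it to the context it was issued for. Binding the label as associated data costs nothing and means a blob cannot be swapped between exports without the open failing.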

Today the Chancellor has had to admit that HM Revenue and Customs have lost the details of 25 million child benefit recipients, which include the bank details of 7 million families. Since everyone with children in the UK receives child benefit, that means my data is probably among them. If you've got kids and live in the UK there's no knowing where your data (name, address, dates of birth, NI numbers etc.) is or what use it might be put to.

This isn't the first time HMRC have lost a big pile of personal data, and this time their Chairman has resigned. Encryption would have saved all this. I'm moved to wonder (a) why the data was being put on disks and sent through the post, (b) if government departments are so inept, why more people aren't worried about them getting more data about us, and (c) whether anyone can get a top civil servant to resign just by hiding a couple of key CDs.


Update. Inspector Gadget has his take on all of this. He ends with a comment about Blackadder jokes. For those who think I'm not good at self-restraint, I'll point out that I never joked about the Chancellor's name, and even saved the link to this Private Eye cover for an update.