Newsletter - sign up here
Search Webster
Webster's pieces from The Oldie
Webster's Webwatch

Lock up your datas

October 2008


A laptop has turned up on eBay apparently full the personal details of the Council Tax payers of Charnwood Council. In June, a hospital lost six laptops containing information about some 20,000 patients; in August The Ministry of Justice admitted data losses that involved 45,000 people. These ranged from the serious loss of discs containing thousands of names and national insurance numbers to the faintly comic loss of a laptop with the names of 13 people who were being considered for Judicial Office - including details of their suitability for that office.

To make matters worse, much of this data was not only unencrypted, but protected merely by a password, which is about as secure as leaving your car unlocked and tied to a lamp post with string.
This really has to stop, but it won't be easy.

The main problem is not that it's now possible to store a huge database on a memory stick about the size of a cigarette lighter; it is that those in charge of large organisations don't usually understand what is going on inside their computers. This leads to most senior managers being, to put it mildly, out of their depth and out of control.

Here's why: each computer system has to have at least one "Administrator". That is, someone who has access to everything that is on it, and can do pretty much what they want with it whenever they want. The Administrator is primarily to deal with technical faults, so he is usually an IT expert, often not a high-ranking employee.

It's like a taxi firm employing a mechanic to mend the cars, and then giving him the keys to the filing cabinets in the office.

There is an answer, and as so often, it involves returning to a system that Oldies will recall worked well - the central database. In the olden days, a big firm would have a central filing system, usually locked away at night, and certainly in the care of someone fairly senior. You requested a file and it came to you. The librarian knew who had it. You did not take copies of it, and if you did take the file out of the office, it was just that one file at risk, not the whole database.

So it can be with computers. The way forward is to establish an electronic version of the central system, and some companies are already doing it. In other words they create one central, secure computer where the data is stored (backed up somewhere else, of course) which may be accessed by those that need to. Through the wonders of the internet, the computer doing the storing could be anywhere in the world, as could the people accessing it.

The key point is that the data never leaves the central file; it is just looked at from afar, through electronic telescopes. It is a relatively simple matter to make it impossible for those people viewing the data to copy it in any form, and you will have a clear audit trail of who looked at what.

Having set that up, you then treat the central database computer like the vault in a bank, with highly limited access given to only a few senior people who really know what is going on. This can be very easily subcontracted to specialist firms, just as you would hire a safe deposit box for your tiara.

So there we are. The risk of significant data loss evaporates. As so many times before, the answer is to look back and learn from the past. No surprise to Oldies.