Tuesday, June 22, 2021

When Data Spills, Who do You Notify?

So by now most of you know that a few weeks ago someone stole my backpack, which was holding my laptop, my PDA, my pager and my wallet. You can imagine, in the little closet of your most secret fears, what would happen if you lost all of your electronic gizmos that help your brain return the correct answer for just about every function call in life. All at the same time.

So here I sit, with my brand-new, pristine laptop. (I’ll only say I don’t run the House of Gates, and it’s 10 times more likely to make me smile.) I love a new laptop. You get to put everything where it belongs this time, and not where it’s expedient to put it. You get to set up your document folders in some sort of logical fashion instead of a folder for today, a folder for Oh yah I forgot (you can do that in Unix), and another folder for the past.

But dammit there’s actually nothing on it.

I’ve got no appointments. I’ve got no notes, no contact lists… Oh, wait. I do have 1,700 pieces of mail I’m still sorting through two weeks later, and more coming in because I have no mail filters! You can only set this stuff up so fast.

But it makes me realize just exactly how much stuff I had on the laptop I lost. Now, I can be relatively assured that no sensitive data was in my possession because I don’t deal in SSNs, research results or other types of data that might be considered confidential or sensitive by the originator or custodian of that data. The worst that happens is someone sends me their password in email. I call them up and make them change their password on the phone, then I delete the email message, and wash my eyes out with soap to burn the image from my mind. (Ok, I do everything except for that last part.)

But here’s the question… What is the right thing to do?

If you were to lose it all, how would you recover? Do you have a policy of notification in the event of what they politely call ‘a data spill’? Are you allowed to say, “Oh, it’s OK. It was in binary and no one will piece it back together”? Did you know that certain foreign governments employ people to do nothing but put 1/16-inch shred back together like a giant jigsaw puzzle? You need to be worried about your zeros and ones to be sure.

So let’s talk about notification, because we all know you have good, timely backups available for you to determine the extent of the damage. Do you notify those involved or do you notify the entire organization, telling them the affected individuals will be contacted accordingly? Do you have to notify the vice president of HR in person that you’ve lost her personally identifying data, or is your boss willing to step up and notify his peers of an incident in his command? All of this needs to be put in writing, so when the time comes, there’s no pointing of fingers and attempts to avoid an unpleasant task.

If the policy is to notify the circle of influence, don’t be shy to cast a broad net. These are people who need to respect and trust you to do their jobs. And they are (apparently) trusting you with very important and sensitive data. It may not seem so to you, but that set of research figures you were carrying around might be the professor’s hopes for a Nobel Prize. It also could be that admin’s notes from a meeting may provide the company a new revenue stream. You don’t know.

So if there’s a possibility the data you maintained was sensitive in nature, notify.

You see, they may not be very understanding, but they will be a lot less understanding if they find out about it from some third party, and you have to admit to it later. Bad, bad idea.

So, protect yourself. Find out what your policy on notification is, or in the absence of one, get one written and pushed through approvals. Data spills are like motorcycle spills — you’ve either had one, or you will.
