Network Computing is part of the Informa Tech Division of Informa PLC


Data Practices Gone Bad

Right on the heels of Congress investigating P2P file sharing, which I discussed in "P2P a National Threat: Your tax dollars at waste," comes this news from tech.blorge.com about how back-up tapes containing over 800,000 social security numbers of Ohio state employees were stolen from an intern's car.
According to a report from the State of Ohio Inspector General, this is standard operating procedure for Ohio's Office of Management and Budget as well. Ok, I know taking tapes home or to a storage shed is normal for small companies that can't afford off-site storage. I am not saying that is the best thing to do, but it is a reality. But we are talking about state agencies with sizeable budgets. If our government at all levels is truly concerned about the security of personal information, they need to start no further than their own processes and procedures.

Here's the thing: employees will generally follow the rules set down for them. Policy and procedures need to be enforced from the top down. A junior level administrator can't tell the CIO what to do unless the CIO agrees. The commitment to policies must come from the executive level. The responsibility therefore rests with the executive level as well. Isn't executive responsibility part of the provision of Sarbanes-Oxley section 302? Executives have no less of a responsibility regarding the protection of personal information.

I would like to see a federal law mandating that one person at the executive level in every company or government organization should be assigned the responsibility of setting forth privacy and security procedures and ensuring that they are followed. In the event of a loss, that person should be held personally responsible and should serve no less than 1 year in prison. Maybe the threat of jail time will wake up the negligent.

Finally, if you are asked to take tapes home, ask that the request be put into writing, absolving you of any liability. You probably don't get paid enough to take on such responsibility and liability.

Still think P2P file sharing is a major culprit of data loss?