Joanne Joseph, CISA
I would like to set the stage for the exchange of ideas on the points expounded upon in my recent Journal article on data privacy and legal challenges.
In the article, I reviewed certain aspects of data privacy, i.e. threats, types of data at risk, how data privacy breaches occur, impact of privacy abuse on individuals and organizations, as well as legislation and protective measures currently in place across Europe and the US.
To give an example of how a data security breach can occur, quite recently, an officer at a bank was processing a financial transaction for me. Before logging into the bank’s computer system, he accessed his phone and then commented aloud, “Boy, what would I do without this phone? I have all my passwords stored here.”
How many of us store our passwords in a readable format on a mobile device? What protection do we have for these passwords? Furthermore, do we let others know that our passwords are stored there?
This information was inadvertently disclosed to me and I did not even need to know where the passwords to the bank’s computer systems are stored. Based on this example alone, it seems that there may be opportunities within our everyday activities for perpetrators to gather sensitive data.
A number of questions arise:
- Do we have a sense of duty to protect sensitive data?
- What local legislation is in place within our jurisdiction?
- Are company policies enough?
- Is there a magic bullet in solving data privacy issues?
I look forward to an active discussion on these issues.
Read Joanne Joseph’s recent Journal article:
“How Safe Is Your Private Information?,” ISACA Journal, volume 2, 2013