Is it only Government who loses data at this rate?

Here’s another UK Government data breach.

At least we see that UK.gov recognises the obligation of exposure; but are we supposed to believe that breaches are not happening at the same rate in the private sector? I think not. My experience is that many aspects of the private sector are even more culturally flawed around personal data management than the public sector.

A nice simplification of the ‘laws of identity’

– People using computers should be in control of giving out information about themselves, just as they are in the physical world.

– The minimum information needed for the purpose at hand should be released, and only to those who need it.

– Details should be retained no longer than necessary.

– It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.

– We need choice in terms of who provides our identity information in different contexts.

– The system must be built so we can understand how it works, make rational decisions and protect ourselves.

– Devices through which we employ identity should offer people the same kinds of identity controls – just as car makers offer similar controls so we can all drive safely.

…No worse than usual

According to the Information Commissioner’s Office, the recent rash of data breaches is no worse than usual.

I’d agree with that; there has been no massive cultural change, so why would the underlying problem be getting better? Perhaps in 18 months’ time we’ll start to see an improvement – but until then expect those breaches to keep on coming!!!