When it comes to backing up data, not just any old backup will do. Employment and Social Development Canada (ESDC), a Canadian government agency, learned this lesson the hard way when it lost 583,000 students’ information after a backup drive disappeared. The sensitive personal data was carried on a smartphone-sized portable drive, and the staff in charge of the drive apparently had no idea about the sensitive nature of the information on it.
The ESDC was so lax in its privacy policies that it couldn’t say for sure what other types of data might be on the disk. CBC News’ Hannah Thibedeau offered a tidbit of reassurance when she reported that the ESDC’s representative at least admitted the data loss was “completely unacceptable.”
The agency and the students appear to have dodged a bullet on this one. So far, there has been no evidence that the data was used for fraud. The Canadian government paid for credit monitoring services for the students and has found no foul play so far. Ironically, the ESDC doesn’t want to disclose the names of the employees involved, citing privacy laws. The agency assures us, however, that those involved were disciplined.
What Happened to the Drive?
The Office of the Privacy Commissioner of Canada’s official report says the device was “stored in a lockable filing cabinet located in that employee’s cubicle, in an envelope, hidden under suspended files.” It was used in 2011 to back up data during a network migration (which didn’t really need a backup anyway), which is how the sensitive data came to be on the drive. Someone recalls seeing the device in August 2012, but couldn’t find it when they went looking for it on Nov. 5 that year.
Security Is Only Part of the Problem
Now I could go on and on about the systemic problem of data security nonchalance and how it should be obvious to anyone that keeping personally identifying information on anything portable, even a laptop, is a very bad idea. But the real story here is a failure to assess and utilize the best options.
Understanding When Backups Are Needed
You can’t slap any old data onto any old drive. You need to assess the purpose, scope, and use of the information first. In the case of our Canadian friends here, there was no need to back up the data in the first place. Unfortunately, we don’t know all the details, but reports say this network migration required no backup. I’m assuming they had the data on more than one machine already. Had this been data of a less sensitive nature, it would be no big deal, but whenever personal information is involved, be sure a backup is absolutely necessary in the first place.
Choice of Format
Again, personal information + portable device = bad idea. Portable devices are made to be moved. Why risk that they be moved outside of a secure area? This is just one of many instances where personal information disappeared because it was portable. Just recently, CBS Atlanta reported on a laptop containing patient information that went missing, so it’s clear that this sort of thing happens all the time.
I recognize the need for laptops in some settings. They are increasingly used in health care because of the migration to paperless records, but sensitive data doesn’t need to be on the laptop – it could be stored in a central, secure location and accessed via an encrypted intranet with two-stage password verification. This way, if a laptop disappears, the information is not on its hard drive, so even if someone makes off with the machine, without access to the intranet, they can’t access the information.
Finding the Best Options
The type of data you’re looking to store will determine the best options. Every business depends on an operating system and data to stay in business. They must have backups. When large amounts of data are involved, tape backups are the most affordable, but tapes are also tedious to use when information needs to be restored. You have to wait for the tapes to arrive from the safe storage location before you can even start your restoration. Here are some other options to consider:
Cloud applications are becoming increasingly popular, but it simply takes too long to upload large amounts of data. A direct connection or a smarter cloud backup system is needed for large transfers.
Using server hardware is the most secure method of backup. You can have servers located in different parts of the country to be sure a disaster in one area doesn’t destroy your data. However, these technologies are often expensive.
For most large enterprises, we find that a hybrid system is the most affordable, while still offering fast access to vital operating data. You can have a complete operating system, network, and data restored in minutes, while you wait for less critical data to arrive from tape backups.
Quorum has data backup solutions that are affordable, efficient, customizable, and secure. If you have sensitive information to store, we have a safe option for you. Use our contact form to request a free quote and find out all the solutions we have available to you.
Posted on 03/27/2014 at 12:00:00 AM