Personal Identity record protection

Protegrity : 01 October, 2008  (Technical Article)
Protegrity identifies the personally identifiable information that exists and what measures are needed to protect it.
PII, or Personally Identifiable Information, includes things like your home address, National Insurance number, bank account details, driving licence, even your email address: pretty much anything that uniquely identifies you and that an identity thief might need in order to impersonate you.

1. Employee records. Most people might think that, with all the noise about PCI DSS and protecting customer data, things are under control. However, what is not being addressed, in the experience of Ian Schenkel of Protegrity, is the protection of employees' information on HR databases. The recent story about a London hospital trust losing 18,000 staff records is a perfect example of this oversight.

"Potentially hundreds of thousands of records are at risk across the UK, stored unencrypted and with poor or no access policies in place. This is in both the public and private sectors," says Ian Schenkel of Protegrity.

The solutions are multi-layered & the same as they are for any other kind of PII security:

- Education as an ongoing process to curb complacency & ignorance.
- Include employees' data in the organisation's security policies & procedures.
- Use technology appropriately - e.g. encrypt sensitive data at column level rather than encrypting the whole database, so that server and network performance are not affected.
- Implement access control and audit logging on these data repositories, so that every access is monitored.
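The two technical measures in the list above, column-level encryption and audited access control, as an added example in Go. This is not Protegrity's product or code; the `HRStore` and `Employee` names, the column names, the user names and the hard-coded key are assumptions for illustration (a real deployment would hold the key in a KMS or HSM). Only the identity-theft columns are encrypted, each bound to its column name as AEAD associated data, and every read attempt is written to an audit trail whether it is allowed or refused.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Employee is one HR row: only the identity-theft columns are ciphertext.
type Employee struct {
	Name, Dept string            // searchable plaintext
	Protected  map[string][]byte // column -> nonce || AES-GCM ciphertext
}
type HRStore struct {
	aead  cipher.AEAD
	roles map[string]bool // users permitted to decrypt protected columns
	Audit []string        // one entry per attempted read, allowed or not
}

func NewHRStore(key []byte, roles map[string]bool) (*HRStore, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key (assumed to come from a KMS)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &HRStore{aead: aead, roles: roles}, err
}

// Add seals each sensitive column on its own, with the column name as
// associated data so a ciphertext cannot be moved to another column.
func (s *HRStore) Add(name, dept string, sensitive map[string]string) Employee {
	e := Employee{name, dept, map[string][]byte{}}
	for col, v := range sensitive {
		nonce := make([]byte, s.aead.NonceSize())
		rand.Read(nonce) // documented never to fail (Go 1.24+)
		e.Protected[col] = s.aead.Seal(nonce, nonce, []byte(v), []byte(col))
	}
	return e
}

// Read decrypts one protected column for user; every attempt is audited.
func (s *HRStore) Read(user, col string, e Employee) (string, error) {
	ok := s.roles[user]
	s.Audit = append(s.Audit, fmt.Sprintf("user=%s column=%s allowed=%t", user, col, ok))
	if ct := e.Protected[col]; ok && ct != nil {
		pt, err := s.aead.Open(nil, ct[:s.aead.NonceSize()], ct[s.aead.NonceSize():], []byte(col))
		return string(pt), err
	}
	return "", fmt.Errorf("read of %s by %s refused", col, user)
}
```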

2. Medical records are the other aspect of PII security that concerns Schenkel. In the US, patients have had rights & recourse under the Health Insurance Portability and Accountability Act (HIPAA) since 1996. In the UK we have no equivalent.

Nor is patient data going missing a rare event. Incidents regularly hit the headlines, such as the loss of a USB stick holding patients' details by a junior doctor at a Nottingham hospital, and the laptop stolen from Dudley hospital with over 5000 patients' records on it. Added to this, the NHS failed to meet its deadline of 31 March 2008 for finishing the encryption of patients' personal data across all trusts, and many trusts will not complete the task until later this year.

As the electronic age continues to grow, more and more of our personal information will be stored in data repositories held by many different organisations. They have a responsibility to keep this data safe and secure, yet they often rely on very tenuous & easily broken security to do so. We do not want to become a nanny state, but life is all too easy for identity thieves and fraudsters: data storage guidelines are vague at best and often overlooked by companies. These need to be tightened and enforced to try to stamp out what has become a £1.7 billion yearly problem.