Data security - state of affairs

Regularly we read in the news about data security breaches. What is happening? Are the criminals getting better at it? Probably. But what about defense?

Sadly it looks like that organizations have no compelling reason to protect the data. Bruce Schneier, chief security technology officer at BT Group, said while being interviewed by the Wall Street Journal: "For the most part a company doesn't lose its data, they lose your data" (source).

Which brings me to the point on how data from or about an individual is being dealt with. And even about laws on data. A law like "those who hold any data on some one else can be held liable for theft of this data". And "stealing data is a criminal offense". This may not be the correct wording - bear with me - it is meant to provoke a thought about data ownership.

We live in the information age and data has value. Anything with value that is stolen is a criminal offense, right? So we made laws based on the idea "thou shall not steal". But it still happens as there are individuals who feel they will not get the punishment they deserve when stealing physical goods. We even went to the point we made laws against stealing ideas and inventions. But where are the laws for stealing data? Like Bruce Schneier I am in favor of laws that allows for real punishment in case of data theft.

Law like "a business has to protect the data of it's customers" doesn't help enough because there will always be loopholes. Or even worse: a law that requires businesses to disclose data security breaches. What is the use if the damage is already done to the victim? And if it will only cost the business money when they disclose?

Why do I bring this up? Because I think it is time to rethink where we keep our person related data, but also who exclusively holds the access control. Personally I don't have a problem to physically store my data or data about me outside of my personal environment (so with a trusted party), but I would love to be in full control who has access to it. Not only that, but I would also require to be able to maintain this data, in order to keep it synchronized with reality.

To be honest, this "world upside down" idea is definitely challenging to implement given the current state of applied information technology. I don't have any solutions, not even some vague idea about guidelines how to proceed to this new order. So I challenge every one to think about this. Because it effects us all. How would you feel if something that belongs to you is stolen and you had no means to prevent it from happening?

Love to hear from you!

© Peter Bodifée 2008. All rights reserved

P.S. I was away from writing my weekly column for personal reasons. More news at eleven.