Narrowing The Search…

Yet more unencrypted data has been lost… well, no surprise there to be honest. At least they know where the data is - somewhere between London and the Isle of Wight, except it could be anywhere because it was en route with a courier.

There were two process failures here. The first was the fact that it was unencrypted data - which was making two trips, one to the third party and then one back to the owners. The other was that it took more than a week to know it was missing.

So, what to do… revisit old policies! If it involves confidential customer information and it’s going offsite then it should be encrypted. [Full Stop!] Backup products today can encrypt the information - so there is really no excuse. There should also be an effective tracking mechanism for data that is traveling or being stored offsite, whether it is held by a 3rd party or by internal personnel. That way, even if the data is encrypted and then lost, the disaster recovery plan won’t become a disaster itself because the data isn’t where it was expected.

The good news, or at least the piece of good process we should all take heed of in this case, was that the data was being verified as readable / usable. Frequently backup data is not checked, and you get to the point of needing it only to find it is inaccessible or incomplete. I remember a case a few years ago when the data was required and there wasn’t any on the tape - except the header. The reason… the data had changed mount point on the system and the backup policy hadn’t been altered. So it regularly backed up ‘nothing’… and was always successful! So, checking the data integrity on a regular basis is a great habit to get into.
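A backup job that captures ‘nothing’ and still reports success is exactly what a post-backup check should catch. The following is an added example, not part of the original post: a Python check that assumes the backup is a tar archive and that the path prefix it should contain is known (`data/customers/` is a constructed name). It reads every file back instead of trusting the job's exit status.

```python
import io
import tarfile

def verify_backup(archive, expected_prefix, min_files=1):
    """Return a list of problems; an empty list means the archive passed."""
    problems, files, total = [], 0, 0
    try:
        with tarfile.open(fileobj=archive, mode="r:*") as tar:
            for member in tar:
                # Only regular files under the path we meant to protect count.
                if not (member.isfile() and member.name.startswith(expected_prefix)):
                    continue
                read = 0
                # Read every byte back: a listing alone does not prove readability.
                with tar.extractfile(member) as fh:
                    while chunk := fh.read(65536):
                        read += len(chunk)
                if read != member.size:
                    problems.append(f"{member.name}: short read")
                files += 1
                total += read
    except (tarfile.TarError, OSError) as exc:
        problems.append(f"archive unreadable: {exc}")
    if files < min_files:
        problems.append(
            f"only {files} file(s) under {expected_prefix!r}, expected >= {min_files}")
    elif total == 0:
        problems.append("files present but all are zero bytes")
    return problems

def build_sample(entries):
    """Constructed sample data: in-memory tar from {name: bytes, or None for a dir}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    good = build_sample({"data/customers": None, "data/customers/a.db": b"x" * 1000})
    moved = build_sample({"data/customers": None})  # mount point moved: dir entry only
    print("good :", verify_backup(good, "data/customers/") or "OK")
    print("moved:", verify_backup(moved, "data/customers/"))
```

Run a check like this after every backup and alert on a non-empty result, so an empty or truncated archive is found long before a restore is needed.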
