Haft of the Spear

How about training, auditing, and control, the usual items that are a regular part of doing business in this day and age.

It is all but apparent there is no control over information in the government.

I’m sure there is a 400 page document the GAO has issued about the proper procedures for data retention and security, and if you ate a bad burrito at lunch you might just have some spare reading time in the afternoon to peruse through that.

Flashback to Choicepoint who got fined $10 million last year by the government for poor control, after they provided personal records for a few hundred thousand people to thieves who paid for them.

They are penalizing companies for lack of controls? Don’t you need them yourself first?

The irony/hypocrisy of gov’t agencies that have no problems berating and bullying private institutions about their data handling and security practices that are then shown to come up short themselves is both amusing and disturbing.

The primary disconnect here (I think) is that in the dark world handing sensitive information according to given standards is drilled into you from day one and by and large is a given that no one thinks twice about. Now we’re talking about quasi-private/public data being handled by people who don’t have the same culture trying to implement policy that is still warm from the printer.

Public or private the fact that there is an event like this almost weekly shows how very unserious we are about these issues, which is sad given the importance of such data to both the person and the community.