Thursday, 2 October 2014

Can We Really Trust The Public Sector With Our Private Data? - Morten Kjaersgaard

Large companies and public organizations get hacked daily. Your personal information is no longer private; it is increasingly becoming public knowledge as your data gets hacked and then leaked onto forums.
This is not just a problem for your neighbor: we have recently seen hacks of private information from almost everywhere across the globe.

Below is a small list of public sector hacks:

US – Hospitals hacked – 4.5 million records
US – Hospitals hacked – systems attacked
US – Social Security numbers hacked
Austria – Social Security numbers hacked
UK – Government systems hacked, extent unclear
Denmark – Public registry hacked
Denmark – Structural and private systems:
Denmark – 900,000 social security numbers leaked by mistake

The public sector is by far the biggest problem when compared to the private sector, because public sector organizations carry a lot more personal information about you. And we are talking about items like social security numbers, health care journals, mortgages, property ownership, addresses, car registration numbers and so forth.

The Public Sector – where personal information becomes public knowledge.
Private sector companies often carry information such as credit card information, personal photos, addresses and e-mail addresses, which can also be crucial, but no single organization has access to everything, which makes it less liable.

This is also the primary reason why internet security reports often show that public sector organizations are hacked more frequently than private sector companies. Naturally, it is also why they are targeted much more often than private companies.

However, another factor plays a role here as well because – quite often – public sector organizations have a lower security level than private companies – especially when compared to the mass of data they have access to.

You need to remember that most public sector organizations share information about you to enable easy access to information between doctors and hospitals, public administration and taxation services and so forth.

So, basically, data is extracted from a variety of sources, and although your loans are not accessible to your doctor, that data is still put into the same infrastructure.
Naturally, this is not the case in every country, but for the vast majority of western countries this is a way of increasing efficiency in general public administration, and it makes perfect sense compared with us having to run around with papers containing information about ourselves.

Also, we need to highlight that public sector organizations have to put more effort into security; they often share manually generated files on FTP servers or other simple sharing services.
Manual file creation means a clear likelihood of human error, and in Denmark we recently had a case where a public organization put out social security numbers for more than 15% of the population by making just one single mistake.

Add another 10 similar mistakes and you could have the social security numbers of 98% of the Danish public, considering that there will most likely be an overlap each time.

What can we do?
In short, it all boils down to this: if you want your government to act and improve its security around your personal information, you need to act.
Governments react to public pressure, and decision makers are often reluctant to act before things actually become a problem.

In this digital age, it is your responsibility alone to protect your private information. No one else is doing it for you.