Rant...
21 years? 21 fucking years?
What's that about storing data for a reasonable and proportionate time?
Still I'm just glad those that are affected are the ones that should be ensuring shit like this doesn't happen.
Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised. It said "some historic data on legacy systems" was accessed by unauthorized attackers, namely the personal information of people who worked on council-administered elections between 2001 and 2022. The majority of those …
It depends what the information is. Records like '[name], HR record [reference number], oversaw this election' I could see a reasonable desire to store that indefinitely for posterity. If it has something like phone numbers or DOBs or identity or whatever else then it's unacceptable
Even if it is for historical records there's no way it should be stored on something more readily accessible than Tape. We might even be reaching the point where hard copy storage is desirable as it allows physically-secured, hacker-proof records to be kept for a long time.
Physically-secured hard copy has other issues like "who disappeared this sheet of paper at some point in the last X years?", "is this sheet of paper the genuine record or has it been manipulated/substituted for the orginial?", at least if you reasonably assume that each sheet is not individually secured and monitored and more likely just in boxes in a secure-ish room.
Councils are required to store all records for seven years. Other data may be retained for longer. And employment history with respect to elections is one of the most sensitive and important things to retain. There is an urgent need to know that the people counting the votes are absolutely reliable and honest.
>So why's it being stored on a poorly secured legacy system
Welcome t'council meeting. We're closing the children's center to pay Oracle $$$$$ to update that 20year old system that lists which volunteers counted the votes in the 2000 local election.
All in favour ?
While funny and absolutely something I could see happening in a local Council Chamber, the real question really ought to be "can we just print this shit out and store it in boxes in the basement since to doesn't ever need to be instantly accessible and definitely not on an insecure (by definition) "legacy" system still connected to t'internet. If ongoing costs are relevant, surely a one off print and put in cold storage is the cheapest and probably most secure option. I be happy to bet a few quid on the data retention legislation only stating the data must be retained, with neither the form of retention nor the convenience of access even being mentioned in it. Or even if access, sans the technology to access it in the future, being legislated for :-)
Having worked in the sector (and anon as a result) I'm going to make a guess at the background to this, given the council referred to 'legacy' systems
The system that manages both elections and the electoral register was to be upgraded or replaced some time around 2022 to 2024. The supplier said they'd transfer X number of years worth of historic data only into the new upgraded/new system and gave various excuses for not taking across the necessary historic data and/or quoted a stupidly high price to do so. The service responsible may or may not have understood the consequences of this and pushed back, but to no avail.
As a result they (or more accurately their IT Service) have had to keep the legacy system up & available so access to the historic data is maintained. It'll be running on an old version of Windows Server and probably an equally old version of SQL server, both of which are long out of support.
From bitter experience I know how often data migration and the handling of historic data (whether there's a legal requirement to keep it or not) is badly handled in this type of project. Yes, there are ways to handle it; no, suppliers (especially those in the public sector) are rarely interested or willing to help with that task.