AT&T fires insider for slurping customers' social security numbers, driver licenses and more

dan1980

Re: Bah!

@Stevie

I agree, file criminal charges - make it mandatory. However, I think the (rhetorical) question posed was about how you actually prevent this happening.

Criminal charges are well and good but they are a deterrent, not a barrier.

The answer to the question about what you can do is that, ultimately, you really can't stop this - not entirely. What you can do, however, is make sure that only those who NEED access to the information are even able to access it.

That also means that each employee can see ONLY that information that is relevant and necessary for the task they are doing.

Further, it means preventing any means of showing all these sensitive details en masse, such as in a nice table or report. By that, I mean that to see a customer's driver's license details, you would have to actually open the record. Beyond that, you could have those fields hidden and only show as a pop-up or when a button is held down. You could even have the fields as images - or displayed in some way that made the text/details not able to be selected and copied.

The reason for these measures is to prevent anyone being able to harvest large amounts of information quickly and easily. They'd be reduced to manually recording the data bit by bit - a slow process considering this stuff is only really valuable in bulk.

And, all this shows why the numerous data collection regimes in place and coming around the world are so dangerous - the information WILL get out. Whether through carelessness, ineptitude, curiosity, cracking or insider theft, the only ways to mitigate these problems are the same:

  • Keep as little as possible.
  • Secure the data as strongly as possible.
  • Restrict access to the information as much as possible.
  • Monitor diligently.
  • Punish ruthlessly.

Or, more simply, always put the privacy of the person whose data is being collected above the convenience and/or profitability of the entity collecting and using it.

Do that and at least you can say - when a breach inevitably happens - that you took all reasonable steps to try and prevent these problems.
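The access pattern the commenter describes (no bulk listing of sensitive fields, masked by default when a record is opened, one field revealed at a time, every reveal audited and rate limited per employee) as an added example; this is illustration code, not anything from AT&T or the commenter, and the customer records, role table and limits are constructed:

```python
from collections import defaultdict, deque

# Constructed sample customer records; the values are fake and for illustration only.
CUSTOMERS = {
    1: {"name": "A. Example", "ssn": "000-00-0001", "dl": "X0000001"},
    2: {"name": "B. Example", "ssn": "000-00-0002", "dl": "X0000002"},
    3: {"name": "C. Example", "ssn": "000-00-0003", "dl": "X0000003"},
}
SENSITIVE = {"ssn", "dl"}
# Hypothetical role table: the fields each role is ever allowed to reveal.
ROLE_FIELDS = {"support": {"name"}, "identity_check": {"name", "ssn", "dl"}}

def mask(value):
    """Default view of a sensitive field: only the last two characters are shown."""
    return "*" * (len(value) - 2) + value[-2:]

class RecordStore:
    def __init__(self, customers, role_fields, reveal_limit=5, window=600):
        self.customers, self.role_fields = customers, role_fields
        self.reveal_limit, self.window = reveal_limit, window  # window in seconds
        self.audit = []                    # (time, user, record_id, field, outcome)
        self._recent = defaultdict(deque)  # per-user timestamps of sensitive reveals

    def list_records(self):
        """Search/listing results never carry sensitive fields, so no bulk table exists."""
        return [{"id": cid, "name": c["name"]} for cid, c in self.customers.items()]

    def open_record(self, record_id):
        """Opening a record still masks sensitive fields; each must be revealed separately."""
        rec = self.customers[record_id]
        return {k: (mask(v) if k in SENSITIVE else v) for k, v in rec.items()}

    def reveal(self, user, role, record_id, field, now):
        """Unmask one field of one record, subject to role, per-user rate limit and audit."""
        if field not in self.role_fields.get(role, set()):
            self.audit.append((now, user, record_id, field, "DENIED"))
            raise PermissionError(f"role {role} may not view {field}")
        value = self.customers[record_id][field]
        if field not in SENSITIVE:
            return value
        recent = self._recent[user]
        while recent and now - recent[0] > self.window:  # drop reveals outside the window
            recent.popleft()
        if len(recent) >= self.reveal_limit:
            self.audit.append((now, user, record_id, field, "BLOCKED"))
            raise PermissionError(f"{user} exceeded {self.reveal_limit} reveals per window")
        recent.append(now)
        self.audit.append((now, user, record_id, field, "REVEALED"))
        return value
```

The audit list is what "monitor diligently" consumes: a user who keeps hitting BLOCKED, or whose REVEALED count climbs across many records, is the signal to investigate.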
