Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Lessons from a scandal

Mike Small | July 21, 2011
What can the News of the World teach us about privacy and information governance?


Information Governance

So what is the solution to this problem? Balancing the rights of individual privacy against the need for a free press is not easy and we will have to wait to see what emerges from these events. However, organisations need to take care of the information they hold and ensure that they comply with laws and best practice. The best approach for organisations is one of information governance. Information governance sets the policies, procedures, practices and organisational structures that ensure that information is properly managed. Good governance ensures that there is a consistent approach to risks and compliance across different lines of business and multiple laws and regulations.  It can reduce costs by avoiding multiple, ad hoc, approaches to compliance and risk management.

Organisations with good information governance will know what information they hold and will have a process for training staff on how to keep this information secure. This training should include securing voicemail and how to detect and resist attempts to "blag" the information. Most "blagging" is based on the exploitation of human rather than technology weaknesses. For example, the blagger will pretend to be someone in authority or will ask for help. The strongest defence against blagging is to ensure that you have registered an agreed point of contact with the individual (for example a phone number). Then if there is any suspicion, insist that you will only provide the information via that point.

Privacy is a balance between individual rights and public interest. Organisations that collect information on individuals, even the news media, need to make sure that they comply with privacy legislation. Organisations that hold information on individuals need to take care that this information is handled properly and that staff are trained to detect and resist unauthorised attempts to get hold of this information. Basically, it is down to good information governance.

Mike Small of the London Chapter ISACA Security Advisory Group is senior analyst with KuppingerCole.



Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.