90 replies to this topic

[BoeingBoy]

Security starts with whoever has the information - the company.  From their explanation, giving AOL privileged information was inadvertent - I'd be surprised if the assistant chief pilot knew it was in the file.  But no one should be given privileged information on employees unless they have a pressing need for it.  Names and addresses don't bother me since it's not privileged information - companies buy, sell, and exchange mailing lists all the time which is why everyone with a mailing address gets junk mail.  SS#'s, passport #'s, etc is a different matter.  That shouldn't be in files that people who don't need it have access to, encoded or not, password protected or not.

Of course, the same goes for any union - does the union need access to every bit of information that the company has on every member of that union?  Does everyone in the union office need access to every bit of information the union has on each member?  It's like the saying says - if you want to keep something secret don't tell anyone the secret.

Jim

[SparrowHawk]

BoeingBoy, on 25 February 2012 - 07:10 PM, said:

Security starts with whoever has the information - the company.  From their explanation, giving AOL privileged information was inadvertent - I'd be surprised if the assistant chief pilot knew it was in the file.  But no one should be given privileged information on employees unless they have a pressing need for it.  Names and addresses don't bother me since it's not privileged information - companies buy, sell, and exchange mailing lists all the time which is why everyone with a mailing address gets junk mail.  SS#'s, passport #'s, etc is a different matter.  That shouldn't be in files that people who don't need it have access to, encoded or not, password protected or not.

Of course, the same goes for any union - does the union need access to every bit of information that the company has on every member of that union?  Does everyone in the union office need access to every bit of information the union has on each member?  It's like the saying says - if you want to keep something secret don't tell anyone the secret.

Jim

What you speak of is what "Digital Rights Management" is! Deciding who gets access to what and who they can distribute it to. Like SSN's to a Union or private individual for example. The software is so advanced that I could set it up in such a way that HR could only e-mail certain files to a predetermined list. it's also advanced enough that I can retrieve an e-mail sent in error. Stuff is way cool.

Security for many small organizations is an afterthought. Right up until there's a breech problem.

[Iclubbabyseals]

SparrowHawk, on 25 February 2012 - 07:24 PM, said:

Security for many small organizations is an afterthought. Right up until there's a breech problem.

Too funny and right on.

I think most of us who actually pay attention know that the US east pilot breach was triggered from the executive offices.  The three pilot dudes who paid with a month off were simply tossed under the bus to protect the real criminals in tempe.

In five to ten years I would look for east pilots to experience interesting anomalies in their supposedly confidential and private affairs.  As a point of information, changing one's SSN is not all that difficult.  Pain in the tutu, though, indeed.