Elections Ontario Data Loss Reminds Us All Of Our Responsibilities

19-07-2012
We thought we’d share this note that was distributed to our team this week as a reminder of the importance of data security in our industry.  If you have any questions about our data security policies and practices please feel free to call me, Steve Falk, President of Prime Data, 289-802-0584.
Dear Prime Data Team, This is an important reminder of the importance of data security here at Prime Data. I'd like everyone to read these two articles about the data loss from memory sticks at Elections Ontario. Two people lost their jobs because of this at Elections Canada and the organization has had to print apologies and explanations in major newspapers in Ontario. Additionally, millions of people risk having their security compromised. ARTICLE LINKS: CBC http://www.cbc.ca/news/canada/toronto/story/2012/07/17/ontario-voter-data-breach.html ITWORLD CANADA http://www.itworldcanada.com/news/was-the-elections-ontario-data-loss-a-perfect-storm/145810 If this happened at Prime Data we could put personal privacy at risk and we would be extremely vulnerable to negative publicity, lost trust, lost client relationships and to legal action. Let's not have this happen here! Our firewall and backup procedures, as maintained by TDCNet, keep data safe inside the servers and network of Prime Data but we are vulnerable when exposed to external transfer and transport. REMINDER - Send data files via the secure FTP sites whenever possible ( ftp.primedata.ca, DropBox.com , or FMWEB). If you are unsure on how to use FMWEB or the secure ftp site then it is your responsibility to become acquainted with it so you can use it properly. QUICK POINTS TO REMEMBER:
  • encrypt and password protect files if they must be sent via email
  • do not use Memory Sticks unless you carry them with you while they contain data and then erase them immediately after using them. Memory sticks should be used sparingly.
  • having data on laptops, mobile devices and machines that leave the building or can be stolen/misplaced easily also poses a risk so do so only temporarily while working on them locally if that is necessary at all and,
  • otherwise, keep all data on the secure Servers drives. This means that you don't keep data files on the hard drive of your machines unless absolutely necessary as a temporary measure or if your processing absolutely requires local data. Delete it when done.
  • never handle files with Visa Numbers of Social Insurance numbers. Delete them if you receive them and request that clients don't send those pieces of data to you and alert them to our policy on this issue. We don't want to have that information on our systems.
  • be sure that your machines require a login after a few minutes of inactivity. You can call TDC to help with that. Your personal machines vulnerability, if you don't log off properly or if you leave it open to others to access, is your responsibility.
  • it is good practice to change passwords regularly and not use the same one for everything, which you all probably know.
Please don't be shy about mentioning to clients that we don't recommend that they send files by email unless they are encrypted. Some will not understand the vulnerability and you'll be doing them a favour by bringing this to their attention. I want to thank you for all your care and attention to detail on this matter to date. We all depend on our unified and continued diligence on this issue. Thank you,
-- Steve Falk
Prime Data