There’s something wrong in the world of data security and it’s not clear what. First it was TalkTalk, then it was Marks and Spencer, next British Gas and now Vodafone – all experiencing difficulties in quick succession with their customer data. And these are the ones we know about.
You have to imagine that the faults are in poorly designed or implemented security policies which magnify the effect of employee mistakes, faulty or ‘unpatched’ software and direct hacks with malicious (or even playful) intent.
Regardless, it doesn’t feel like this problem is going away soon. Even organisations with huge resources are clearly stretched when solving this problem, so what chance has the mid-sector got when it can’t afford a head of security and a team of engineers?
If there were an online service I could sign up to, which stored all my personal data and offered it to service providers I authorise, that would keep me happy. That is assuming that I could be assured of the service’s probity, that the organisation behind it was highly secure, and a long list of other factors, of course.
I can imagine the billing system at my utility company only storing reference information, calling out to the secure data API whenever it wanted to find out about me, such as my address or bank account details. An employee looking at my billing record wouldn’t know it was me if they didn’t have the security clearance to call the data API.
Having a central authority with all that data does make things very risky if it’s breached, but at least it’s isolating the problem to a single service which majored in nothing but security.
Service providers might like that idea too; they won’t carry the full burden of security and the reputational brand damage inflicted when security dirty laundry is aired.
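The reference-only billing record and authorised data API imagined above, as an added example that is not part of the original post. `PersonalDataVault`, the caller names and the sample customer are hypothetical, and each caller string is assumed to be an identity the API has already authenticated.

```python
import secrets

class PersonalDataVault:
    """Hypothetical central service; the only place personal data is stored."""

    def __init__(self):
        self._records = {}   # opaque reference -> personal data fields
        self._grants = {}    # (reference, caller) -> fields the customer authorised
        self.audit_log = []  # every lookup attempt, allowed or denied

    def enrol(self, personal_data):
        ref = secrets.token_urlsafe(16)  # random, so it reveals nothing about the person
        self._records[ref] = dict(personal_data)
        return ref

    def authorise(self, ref, caller, fields):
        unknown = set(fields) - set(self._records[ref])
        if unknown:
            raise ValueError(f"no such fields: {sorted(unknown)}")
        self._grants.setdefault((ref, caller), set()).update(fields)

    def revoke(self, ref, caller):
        self._grants.pop((ref, caller), None)

    def lookup(self, ref, caller, field):
        # Assumption: `caller` is an already-authenticated identity.
        # Deny by default; an unknown reference looks the same as a missing grant.
        allowed = field in self._grants.get((ref, caller), set())
        self.audit_log.append((caller, field, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{caller} may not read {field}")
        return self._records[ref][field]

def can_read(vault, ref, caller, field):
    try:
        vault.lookup(ref, caller, field)
        return True
    except PermissionError:
        return False

# Constructed sample data: the utility's billing record holds only the reference.
vault = PersonalDataVault()
customer_ref = vault.enrol({"name": "A. Customer", "address": "1 Example Street",
                            "bank_account": "00-00-00 00000000"})
billing_record = {"customer_ref": customer_ref, "amount_due_pence": 4250}
vault.authorise(customer_ref, "billing-run", {"address", "bank_account"})

if __name__ == "__main__":
    print(billing_record)
    print(can_read(vault, customer_ref, "billing-run", "address"))     # authorised
    print(can_read(vault, customer_ref, "helpdesk-agent", "address"))  # no grant
```
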
Let me know what you think in the comments below.