Wednesday, May 13, 2009

DC Agency Accidentally Emails PII about College Financial Aide Applicants <= WHAT?

Yes, the headline is indeed true. Yet another in a seemingly endless series of silly (stupid) mistakes made by individuals that lead to significant data leakage.

The Article:
D.C. Agency Accidentally E-Mails Personal Data About College Financial Aid Applicants

How many times is this going to happen before people begin to take things as simple as user education / training, as related to security, seriously? Having worked for a variety of branches within the federal government, I can tell you that they do have some fairly basic protocols in-place that allow for basic online (depending on the agency/organization either annual, semi-annual etc...) instruction and in the same session, testing. This then creates a nifty little certificate that you can hang in your little cubicle and is tracked by the CSO (or equivalent thereof) to provide for proof that said Agency/organization is meeting with their requirements.

Evidently though, the "don't email sensitive rubbish out" section was missing in the OSSE's online curriculum?

You tell me...
JJC

No comments: