Saturday, February 23, 2008

Employers have to be much stricter about access to customer data

Businesses and governments alike are having to pay much more attention to employee access of customer personal information, and make sure that access takes place only for immediate business (such as customer service) purposes.

An AP story Feb. 23 by Ryan J. Foley, "Worker snooping on customer data common," discusses problems at a Wisconsin utility. The link is here. While many of the concerns expressed in news stories like this involve customer service workers, another concern would be how companies do their systems testing. Companies often do Quality Assurance and user acceptance testing by building QA test regions based on extracts of production data, often with software utilities designed to do just that. That means that IT employees may have considerable "exposure" to production data. Sometimes employees keep copies of test results just to prove that their systems work properly, but this could lead to increased risk of privacy compromise in the long run, and could violate privacy laws (like HIPAA).

Another important AP story by Frederic J. Frommer, "Report: Identity theft efforts lacking," is critical of the ability of government agencies to protect private data. The link is here. In some cases, local governments have posted sensitive data on the Internet, but have removed the data since.

Telecommuting, employees working at home with their own computers or with laptops brought home from work, as well as taking work home, also increases the risk of compromise. In a couple of cases, laptop computers have been stolen from employee homes during burglarize, leading to potential compromises.

No comments: