Tel: (416) 498-1550
info@osborne-group.com
FOLLOW US ON
Executive Leadership Toronto

Our Principals

Osborne Group Principals are flexible, experienced executives who fill senior-level positions in any functional area on an interim or contract basis.

Details

Functional Expertise

Clients
Testimonials
Case Studies

Osborne Insights Blog

Osborne Insights Blog

Elections Ontario and Security



The Osborne Group - Thursday, July 19, 2012

This week the news emerged that Elections Ontario has improperly managed the data of 2 million or so Ontario voters and has “lost” our personal data. Apparently back in April, a couple of USB drives went missing from an Elections Ontario office, and they contained information collected about voters provided during the election last fall.

First, we’re going to set aside the issue of timing – that this breach occurred back in April and the news is only coming out now. This feels to me like a pretty big gap in accountability, but that’s a topic for another day

Second, we’re also going to ignore the notion that the likelihood of the data being misused is low – apparently due to the specialized software used to manage this data. While this possibly is true, I would never underestimate the capabilities of a determined hacker to be able to decode the data.  Further, what data was lost and how much damage can be done with it is not really the point, particularly if you happen to be one of the people whose data was on the drives.

But more practically, what happened here?

It seems that a number of “paper procedures” had been established but were not followed by employees.  And no audits appear to have been done to ensure the procedures were being followed. And finally, it seems that the significance of securing this data was not sufficiently impressed on at least a couple of Elections Ontario employees.

What does this mean for your organization?

First, have some security procedures – including but by no means limited to:

Personal data about customer or clients or citizens should not be put on a USB drive as a matter of policy, and if there are some exceptional circumstances, they should be depersonalized or encrypted at minimum.

Strong passwords should be required to get into any system containing personal data, and users should be forced to change them regularly.

Encryption software for laptops should be installed and activated.

Materials should be secured when users are not there – screen locks, laptops and USB devices stored in locked drawers, and so on.

Secondly, test the procedures and audit users behavior.  If that means something as silly sounding as walking around the office and checking, just do it.  If phones or blackberries are supposed to be password protected, check them to make sure.

Finally, ensure staff know the procedures, understand why they are there and the implications of them not being followed (both to the organization and to them personally) as it is at the personal level that security is most effectively implemented.

Christy DeMont

Comments (0) | Trackbacks (0) | Permalink
Comments
Post has no comments.
Post a Comment




Captcha Image

Trackback Link
http://www.osborne-group.com/BlogRetrieve.aspx?BlogID=9278&PostID=546060&A=Trackback
Trackbacks
Post has no trackbacks.

Recent Posts

Tags

governance "business processes" 'interim executive" "leadership" "British Open" "Louboutin" "nuclear power" policy "solar energy" negotiation "Don Weaver" "board of directors" "HR manager" "energy assessment" "information technology" "Sheila Hamilton" Incentives resources "Canadian Diabetes Association" "need for volunteers" consultant "best employers" "Bob Fisher" "conserve energy" ""small business" quality "Osborne group" "Ian Glen" "procter and gamble" "sally fazal" "Eric preston" history "executive management" value utilities vote negoation "ontario energy" Psychology President "The Osborne group" "interim executive" NHL "smart phone" "osborne group names new president" "Ipsos Reid" "Osborne Group" fuel "Direct Energy" "Dalton McGuinty" "Linda Hall" "bad news" "Stephen Covey" Strategies Volunteering "Tim Cooke" "Jenkins report" lender "Teri Brown" ontario The Masters "board member" "business opportunity" "Canadian Business" "Request for Proposal" entrepreneurs "Electrical heat" scientific HR "John Gundy" "financial services" "Shulich School of Business" "Canadian Armed Forces" taxpayer "standard for quality" NRC "Lile Jia" "News Years resolution" Government "susan bihun" "business acquisition" "contract executive" "interim management" "interim ceo" "John Bielby" CMO "clear writing" "The Osborne Group" Electricity "Not-for-Profit" communication "job search" golf "Captial Conference" "government policy" connections "International Camping Fellowship" "Ray Kong" "Community members" experimental RIM "Rotman School of Commerce" Denmark "Canadian utilities" Apple "Canadian Government" "business valuation" "Board of Directors" Canada leaders Olympics "GM Oshawa" "A leadership primer" "jane rounthwaite" "senior executive" "problem solving" RRSP "Ontario Health care" "Central Vermont" "Information technology" announcement Technology "financial goals" "Globe and Mail" sustainability retirement Canadian conservation "business partners" "David Rankin" vacation mentorship experiences "2012" "Occupy Wall Street" "john bielby" "bidding process" "sustainable energy sources" "customer service" contractors "Health care" Greece "password protection" Linkedin SMEs "Melodie Zarzeczny" "ontario jobs" thorsten "bob cooke" "CEO" "Osborne Announcement" "Jet plane" "Interim executive" "US Open" "Canadian Army" "energy management" RFP "Human Resources" hockey sports "frankenstorm" "Part time CFO" marketing "Queens Park" "Big Wind" "young entrepreneur" Banker "earth rising" "Tiger Woods" anniversary "new principal" beethoven "customer experience" "Ontario power authority" "communication plan" "electrical utilities" "West Jet" "f-35 jets" "bob fisher" "executive director" "Richard Taylor" BOD stakeholder "business goals" "change initiatives" politics stakeholders leadership "Donna Brazelton" "Arthur D. Little" "Succession planning" Wikipedia "leadership skills" "risk elements" "Jane Rounthwaite" "athletic movement" strategy "new technology" "New Year's Resolution" CFO "Risk Management" "Scott Percival" balsillie "fresh perspective" networking "non-profit" "opportunity cost" "stewarding energy" "Winston Churchill" 'interim management" "energy conservation" Shelburne "corporate philosophy" "Sir Fredrick Hoyle" "Super Bowl XLVII" "province of ontario" "Janet Carnegie" "private business" "Roy Thompson Hall" "John Annett" energy cbc "Ontario Premier" entrepreneur "policy manual" "Colin Powell" "Silverthorn collegiate" "news" "Christy Demont" "Bob Cooke" "The value of time" "non-profits" Universities "innovative communication" "business growth" "fossil fuel" english hawkesbury Summer "Steve Jobs" "Organizational communication" "Canadian flag" enterprises Masters TFSA "development program" "Christy DeMont" football science "American Heritage dictionary" "retirement homes" "Communications Audit" "Hydro One" "business plan" weather budget "total cost of ownership" acquisition "Organizational health assessment" "ontario highschool students" "paper procedures" audit toronto "Giuseppe Quintarelli" "newpapers" "Canadian poetry" "Chris Hadfield" "family doctor" "Premier of Ontario" "Ken Goodwin" executive "business exit" "pareto principle" "interim CEO" "Leonard Cohen" "hydro one" IT Zipcar risk "Wired Magazine" "shareholder value" CEO CIO Superbowl spring "janet carnegie" "contract negoation" leader "voter security" "National Retail Council" "successful organization" customers "Change Management" "identifying solutions" volunteer "Remembrance Day" "community support" "Interim management" "Mike Dick" "2012 Olympics" "career change" iPad "Elections Ontario" "Fighter Jet"

Archive