Here’s a fun article: “Fifteen Ways to Lose Your Database” by Peter Mitteregger, European Vice President of CREDANT Technologies. The quick overview of the 15 ways is listed below. Before you read them, cover your screen. Then (i) see how many you can work out for yourself; (ii) once you’ve read the list, see how many you can add; (iii) see if you can spot the links between the ways of losing a database and the protection conferred by the data protection legislation.
“1. Employees able to access a database regardless of their need to do so, with sight of complete records including information that they do not necessarily need to see;
2. Unrestricted downloading of the database to removable media;
3. Employees able to print individual records, or even the full database, in hard copy format;
4. Employees able to access records, in undefined quantities or for unlimited periods of time, providing the opportunity to make a written copy;
5. Records, or even the entire database, altered or deleted;
6. The full database, or individual files, emailed as an attachment;
7. The full database, or individual files, uploaded to an external storage facility/website or a hosted document storage and management solution;
8. Secure employment for the purpose of having unrestricted access to confidential data with criminal intent;
9. Existing employees being coerced into removing data for financial gain;
10. Ex-employees who have not had their access rights revoked;
11. Photocopy hard copies;
12. Over the shoulder screen theft from mobile workforce;
13. Writing down, or even sharing, passwords;
14. Loss of external or portable media (memory sticks, CDs, laptops, etc) that contain unencrypted information, often during travel;
15. Misplaced, or stolen, devices (laptops, blackberries, etc) used as a back door to the corporate network”.