Ann Cavoukian freely admits that when she has a captive audience, they’re going to hear a lot about her favourite topic – privacy – before she moves on to theirs. So it was Wednesday at the SC Congress Data Security Conference and Expo in Toronto.
“You can’t have privacy without security, but you can have security without privacy,” Ontario’s privacy commissioner told the audience.
Of course, IT security and privacy are inextricably linked, and often at odds. Cavoukian’s concept of privacy by design posits that the zero-sum privacy-versus-security game has to end, and in a properly designed system, it’s a plus-sum situation – the two enhance each other.
Of the tales of privacy breaches in Ontario’s health care system, most involved unencrypted data on lost or stolen laptops or USB keys. But one that stood out was telling for a different reason.
In the parking lot of a northern Ontario methadone clinic, a woman driving a newer model vehicle saw something on her rear-view assist video monitor she didn’t want to see. A CBC investigation showed that the clinic required urine samples from patients, but rather than accompany them personally to prevent tampering, the clinic had installed a wireless camera in the washroom. When contacted by the CBC, a horrified Cavoukian called the clinic and had it shut down and replaced by a wired system. To their credit, Cavoukian said, clinic staff were equally horrified.
The point: Whatever policies are put in place to ensure privacy, staff can’t think of everything. Without exception, the breaches Cavoukian noted involved capable staff who had simply overlooked something.
I asked Cavoukian if she had considered mandating enterprise-wide data loss protection technology to prevent data from leaving the system at all. Her eyes widened.
“That sounds perfect!” she said. “Give me your card. I want to talk to you about this later.”
“Damn,” I replied. “I wish I worked for a company that sold data loss protection technology right now.”
It gave me pause to think about what that system might look like. It’s something that a health care system could mandate, and that any enterprise that handles sensitive or personally identifiable information (PII) could consider a best practice.
I think it would look like this: End-user machines would access their desktops through a virtual desktop infrastructure (VDI). DLP technology would ensure that data is downloaded to end-user machines only according to specific policies. For example, data sets could only leave the server de-identified, stripped of PII, and only in an encrypted state. VDI obviates having to install DLP on thousands of end-user machines, and also makes it easier to control accounts that are orphaned when a staffer moves on. And if the data can only leave the server in an encrypted form, encrypted USB keys and hard drives would be unnecessary.
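To make that server-side policy concrete, here is a small Go export gate written for this post as an added illustration (it is not code from any DLP product): a data set leaves only with its PII columns stripped, only after a scan for identifiers that survived inside free-text fields, and only AES-GCM encrypted under a server-held key. The record shape, the column list and the detection patterns are assumptions made up for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"regexp"
)

type Record map[string]string // one clinical data row (constructed shape)
// Constructed policy: columns stripped on export, and a pattern for identifiers
// that survive inside free text (10-digit health card number, e-mail address).
var (
	piiFields   = map[string]bool{"patient_id": true, "name": true, "address": true, "health_card": true, "dob": true}
	residualPII = regexp.MustCompile(`\b\d{10}\b|[\w.+-]+@[\w-]+\.\w+`)
)
// Deidentify returns a copy of the row with the PII columns removed.
func Deidentify(r Record) Record {
	out := Record{}
	for k, v := range r {
		if !piiFields[k] {
			out[k] = v
		}
	}
	return out
}
// Export is the DLP gate: rows leave only de-identified, PII-free and AES-GCM
// encrypted; an identifier left in a free-text field blocks the whole export.
func Export(records []Record, key *[32]byte) ([]byte, error) {
	clean := make([]Record, 0, len(records))
	for _, r := range records {
		d := Deidentify(r)
		for k, v := range d {
			if residualPII.MatchString(v) {
				return nil, errors.New("export blocked: residual PII in field " + k)
			}
		}
		clean = append(clean, d)
	}
	plain, _ := json.Marshal(clean)   // map[string]string always marshals
	block, _ := aes.NewCipher(key[:]) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block)    // AES block size is always valid for GCM
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}
```

The residual scan is what turns a column filter into a real gate: a clinician's note that repeats a health card number blocks the export instead of slipping out in a "clean" field.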
I’ve promised Cavoukian a collection of stories we’ve run on DLP technology, and I’m sure she’ll devour them. Her techie contacts and associates are going to be answering a lot of questions about data loss prevention technology. She is tenacious when it comes to your privacy.