US govt: Treat personal data 'like toxic waste'

US govt: Treat personal data 'like toxic waste'

Summary: Computer scientists in the United States have advised organizations to be extremely cautious when handling information that can be used to identify individuals.

SHARE:
TOPICS: Big Data
0

Organizations should treat personal information that can be used to identify individuals "like toxic waste", according to the U.S. federal agency that develops and promotes measurement, standards and technology in information systems.

Information which can be used or combined to identify individuals should be treated like a hazardous substance by those charged with looking after it, according to National Institute of Standards and Technology (NIST) senior supervisory computer scientist Tim Grance.

"If you have high-value personal identifiable information, it's like toxic waste," said Grance at the RSA security conference in San Francisco on Wednesday. "You don't put toxic waste in your car or on a laptop and carry it somewhere. Treat it like it's bad stuff."

Consequences of the loss of high-value information, such as bank details, names and addresses, can be severe, warned Grance. "Think of the impact to your organization of a breach," said Grance. "The consequences are quite real in and out of government. You're only a banana peel away from oblivion."

There have been a series of high-profile data losses by civil servants in the United States and the United Kingdom in the past year, including the loss of 25 million personal details by HM Revenue & Customs in the United Kingdom last autumn.

Grance said that civil servants should work out what information they have, decide what level of sensitivity applies, use technical means to identify records which can then be reconstituted at need and minimize data collection.

Hugo Teufel, chief privacy officer for the U.S. Department of Homeland Security, also speaking at the conference, said that civil servants needed to be educated about the risks of data compromise and how to prevent it.

"My answer is always: educate, educate, educate," said Teufel. "Whenever you have people together--or any carbon-based life forms--they make mistakes."

Topic: Big Data

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion