#EDW13 And Now Listing Pain Points

#EDW13 Working on Data Success Stories

My class writing out their top 10 Data Success Stories.

Slides from Karen’s #EDW13 Get Started Blogging Session

I was really happy to see such a great turnout for today’s session on how to get started blogging at Enterprise Data World (#EDW13).  I wasn’t just happy to have a full room, but that I got so many great, insightful questions and comments.

My Get Blogging slides are available for download now.

Some of the resources I mentioned during the talk:

• WordPress.com This is my blogging platform of choice.  You can set up a blog in 10 seconds, for free. 
• WordPress.org Same platform, but if you want to host it someplace yourself.  You can also find a third party host and they typically will have this ready to install from their catalog of approved applications.  It’s free.
• Windows Live Writer http://windows.microsoft.com/en-us/windows-live/essentials-other-programs  This is what I use to compose most of my blog posts
• TechSmith.com Home of Camtasia (video editor of my choice) and SnagIt (my screen capture tool).  You want these.
• ERwin.com Go To page for all things ERwin, including their blogs (under the community page)
• Embarcadero.com Where to find ER/Studio blogs
• Dataversity.net Home of numerous blogs and articles

Remember, if you start blogging, I want to hear about it so that I can share, comment, and help you promote your writing.

Get Blogging!

#EDW13 DAMA – Enterprise Data World

Why Data Privacy Breaches Aren’t Just about the Data

Some people believe that in an age of Facebook, Foursquare and Twitter, we should give up all our expectations of privacy.  While I agree that I’ve been shocked by the amount of personal information that people share (sometimes even how much I share), I still believe that organizations need to have the right technologies, policies and training in place to protect abuse of personal and sensitive data.

In a wilful privacy breach in 2011, a clerk at British Columbia’s insurance bureau (ICBC) accessed customer data in order to intimidate employees of another organization. One of the victims has launched legal proceedings against ICBC for failing to have suitable data protections in place.   ICBC is a sort of universal automobile insurance organization in BC – everyone who wants a driver’s license there must get their insurance via this organization, so their data collection covers most adult BC residents.

Annette Oliver isn’t just worried about sensitive information being made public, but about how that data was used to terrorize her family and co-workers.

Annette Oliver alleges in her lawsuit that her husband’s van was torched on April 17, 2011, at about 2 a.m., which police believe was an arson.

Then on June 1, 2011, Oliver claims, she was at home when she heard three loud bangs at about 5 a.m. and discovered three bullet holes in the front of her house.

Oliver says her husband and two daughters were home at the time.

This wasn’t an isolated case: others had their cars burned and homes shot.

Three months later, on Dec. 14, 2011, the RCMP revealed the investigation had found a link to an ICBC employee, who allegedly accessed personal information of 65 people, including 13 identified as victims who were targeted.

ICBC said at the time the employee under investigation was a woman who had been at ICBC for 15 years before she was fired in August 2011

It appears from the lawsuit that ICBC did not use monitoring technologies to monitor access.  Or that they weren’t using them correctly.  I’m always surprised by organizations that steward customer data and don’t do much to properly care for that data.   We’ll see in the end whether or not ICBC had suitable protections.

Myths about Data Protection

1. Data privacy breaches don’t really hurt people.  This one makes me mad.  Even something less physically harmful like having their identities stolen can cause years of trouble for your customers, not to mention great financial harm. But data breaches can and do physically harm people. 
2. Data privacy is about secrecy.  No, data privacy protection is about controlling the usage of data for only the reasons for which it was collected. Among other things.
3. If the data is available elsewhere, it doesn’t need to be protect in our database. No, IT professionals still have a duty to protect personal and sensitive data in their care.
4. Data wants to be free, so we shouldn’t control how it’s used within the organizations.  Yeah? My cats want to be free, too.  And we still don’t let them outside.
5. Data protection is just a technology issue.  Data protection is just a training issue.  Data protection requires technological, process and people-based solutions.
6. Encryption is all we need to do.  No, because if people can read the data or download it, it’s not encrypted any more.  Encryption helps when people walk away with the data.  But people who use the data don’t see encrypted data.
7. Data privacy requirements can be applied after the system goes into production.  This one drives me crazy.  Data protection requires effort at all phases of a project.  There architectural, design, development, deployment and maintenance components to be addressed.  There are policy and procedures to be developed.  There is monitoring and alerting to be practiced. 

You know my mantra. Love your data because it’s not really yours.  You have a professional duty to ensure it’s safe.

Read the full story at Metronews

Justice Institute employee sues ICBC for privacy breach that allegedly led to her vehicle torched, bullets fired at home

Pour Some Data On Me

Today’s SQL Server 2012 Anniversary question is:

I thought the image I created above might inspire you.

Follow @SQLServer on Twitter and answer their daily questions to win fame and prizes.

Good luck!