Destroyed Data (On Purpose)
Destroy that data when you're done with it!
What is happening with the recent spate of data loss and theft? I'll give you a hint: this didn't just start recently.
Thanks to new laws that make public disclosure mandatory, companies now must fess up when they've had a data loss. Before that, they'd just sweep the news under the rug and hope the issue would go away. What's disturbing is that, with the frequency at which this is happening, people are starting to get numb to it all.
I write all of the technology that goes behind WheresSpot. All 18,000+ lines of it, and counting. WheresSpot handles data that is sensitive enough: personal contact information, passwords and credit card info. We currently have about 6,000 subscribers, and all of this information is stored in a database. While I trust the host, there are a lot of ways that data can get misplaced, re-routed, or just plain stolen. Here's what we do to protect this data:
- Web transactions use SSL to protect data in transit over the wire.
- Passwords are stored in the database as MD5 hashes.
- Credit card information is stored until we bill it (which we want to do as quickly as possible). Once it's billed, we 'X' out the card number except for the last 3 digits.
- When this data is transferred to my laptop for testing, it:
  - Travels only over a secure, encrypted tunnel.
  - Resides on an encrypted disk image.
All of this might sound a little paranoid, but it's worth it. In fact, there are other things that we do, but these cover my current talking points. If the web host is ever compromised, and our data stolen, the thief:
- Will not have passwords, as they are hashed. This is important, as many people use the same password and ID for different services.
- Will have credit card information for about 3 people - much better than 6,000!
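A note on the password point above, with an added example. MD5 is a message digest, not encryption: there is no key, and an unsalted digest of a common password is reversed by hashing a wordlist once and looking the stolen values up. The script below (written for this page, not WheresSpot's code; the user table, passwords and wordlist are constructed, and the iteration count is an assumption picked so the demo runs in a few seconds) runs that dictionary attack against an MD5 table, then against the same passwords stored with a per-user salt and PBKDF2-HMAC-SHA256 from the standard library, and counts the work each attack costs.

```python
"""Unsalted MD5 vs. salted, iterated hashing for a stored password table.

Added example for this page; not WheresSpot's code. Standard library only, runs offline.
"""
import hashlib
import hmac
import secrets

# Work factor for the hardened scheme. 100_000 is an assumption chosen so the demo finishes
# quickly; raise it in production (OWASP currently suggests 600_000 for PBKDF2-HMAC-SHA256).
ITERATIONS = 100_000

# Constructed attacker wordlist: the kind of short leaked-password list anyone can download.
WORDLIST = ["123456", "password", "letmein", "qwerty", "baseball", "spot2005"]


def md5_digest(password: str) -> str:
    """The scheme the post describes: a bare MD5 of the password, no salt, no work factor."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Reverse unsalted MD5 hashes by dictionary lookup.

    Each candidate word is hashed once; the resulting table then answers every account at once,
    so the cost is len(wordlist) hash calls no matter how many users leaked.
    Returns (user -> recovered password, number of hash calls made).
    """
    table = {md5_digest(word): word for word in wordlist}
    recovered = {user: table[digest] for user, digest in stored.items() if digest in table}
    return recovered, len(wordlist)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash: PBKDF2-HMAC-SHA256 with a random 16-byte salt per user.

    The record carries algorithm, work factor and salt, so the cost can be raised later
    without invalidating existing records.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported password hash format: {algo}")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def crack_pbkdf2(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Dictionary attack against the salted scheme.

    The per-user salt defeats the shared lookup table, so every (user, word) pair is hashed
    separately, and each of those costs `iterations` HMAC computations instead of one.
    Returns (user -> recovered password, number of PBKDF2 calls made).
    """
    recovered: dict[str, str] = {}
    guesses = 0
    for user, record in stored.items():
        for word in wordlist:
            guesses += 1
            if verify_password(word, record):
                recovered[user] = word
                break
    return recovered, guesses


def demo() -> dict[str, object]:
    """Constructed user table: two weak passwords, one strong one."""
    users = {"alice": "password", "bob": "spot2005", "carol": "k7#Qz!v2Lp9w"}

    weak_db = {u: md5_digest(p) for u, p in users.items()}
    weak_hit, weak_calls = crack_md5(weak_db, WORDLIST)

    strong_db = {u: hash_password(p) for u, p in users.items()}
    strong_hit, strong_guesses = crack_pbkdf2(strong_db, WORDLIST)

    return {
        "md5_recovered": weak_hit,                          # alice and bob fall at once
        "md5_hash_calls": weak_calls,                       # one pass over the wordlist, shared
        "pbkdf2_recovered": strong_hit,                     # weak passwords still fall...
        "pbkdf2_hash_calls": strong_guesses * ITERATIONS,   # ...but per user, at 100k HMACs a guess
        "salts_differ": hash_password("password") != hash_password("password"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for the list above: a salted, slow hash does not save a user who chose "password", but it stops one table from unlocking 6,000 accounts at once, and a 12-character random password survives the wordlist under either scheme. Storing the algorithm name and iteration count alongside the salt is what lets you raise the work factor later without a forced reset.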
If my laptop is ever stolen, the thief will have:
- Nothing
- Nada
- Zip
Really. All of my client data stays on an encrypted disk image (AES-128). The fact is, we routinely destroy data on purpose: either destroyed outright, or 'destroyed' through encryption. Either way, the data becomes useless to anyone other than WheresSpot and its users.
Here's the rub: WheresSpot is three people, only one of whom (me) is a developer writing this code. If we can get this right, why can't a bank? Why can't a credit card processor? Why wasn't the data on the tapes lost by Bank of America encrypted? (Notice that they say a "small number" were affected. Uh-huh. Federal agencies peg that number at 1.2 million... I guess it's a matter of perspective.)
Here's why: because there are no repercussions for these companies. As the media floods us with these reports and we get desensitized to them, even the threat of 'bad press' slowly melts away. Sad.
At WheresSpot, we've never once had anyone question how we treat our data. Of course, we'd never sell it to a third party, and every possible precaution is taken... but no one has ever asked.
I say: question the people you're giving your data to. Ask them how they're protecting it. Ask them what they'll do in case there is a security breach, or if their tapes/database/laptops are stolen. It's your data, and for better or worse, up to you to protect it.

Comments
Wow...
Wow... one day after I posted this, I found this at Wired:
"Congress Must Deal with ID Theft"
http://www.wired.com/news/privacy/0,1848,67845,00.html
I'll just summarize the points, and let you get the rest from Wired:
Bravo! Well said. While this list isn't the cure to all ills, they're great recommendations. In fact, they're almost common sense!