The latest compromise of 22 million personnel records of current and former federal government employees and contractors, from the Office of Personnel Management (OPM) systems, resulted in the resignation of its Director, Katherine Archuleta. The security breach compromised not just security credentials, financial and personal information, but the staff's biometric data as well. This isn't the first such event, nor will it be the last - but it does send a strong message to policy makers, auditors and regulators that we are in a very precarious position with respect to data ownership, data security and accountability.
As I was browsing through the LinkedIn updates this morning, an article titled "HSBC Chairman Calls For Policy Debate Over Customer Data" caught my eye. It provided the hook that I needed to write about Data Ownership and Accountability, a very important and complex topic, which exposes organisations to Legal, Financial and Reputational risks and impacts the Information Security, Data Privacy, Master Data and Data Governance domains.
In a highly decentralised world, it is impossible to determine who owns data and is accountable for it, since data changes hands so often within organisations, travels across state and national boundaries and is exchanged between private, public and government entities. In light of this, I agree with Douglas Flint's call for a policy debate over customer data. Defining clear policies will ensure that there are appropriate safeguards for consumers and that there is clear accountability in the event things go awry.