Wednesday, 25 August 2010

What exactly is data loss?

I am really confused by this article.
The UK operation of Zurich Insurance has been fined £2.27m by the Financial Services Authority (FSA) for losing personal details of 46,000 customers.
What is "losing"? Did the data get accidentally deleted? Or was it accidentally leaked to, or stolen by, miscreants?

"Lost" data implies deletion - say, a disk failed and the backup was faulty. Not an uncommon occurrence, and you might need to ask your customers to confirm their details to you again. But:
"The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime."
Also, they were penalised over £2 million for the loss. Both of these imply that someone else actually got the data.

But how do they know it went?
Zurich said that it had no evidence the data had been misused.
So it's very unlikely that they somehow discovered a third party had copied it. And yet, the comment on the case from a law firm is:
Better encryption of data, password protection, and measures to ensure large files cannot be downloaded to devices like memory sticks must all be improved...
So what has actually happened?

The author of the article seems to think that losing data is like losing a box of DVD players off the back of a lorry. If someone gets the data, the original owner must no longer have it. Of course, this isn't how it works. Data gets copied, not destroyed.

A bit more clicking uncovers the original story - a tape was lost, with 50,000 people's details on it. Makes a little more sense now.

So actually, these details have the potential to have been copied by a third party - but they aren't really "lost" at all.

Metaphor is very useful, of course - and "lost data" is often a handy metaphor to help people understand a slightly abstract issue. But the dangers of analogy are that you focus on the analogy and forget what has really happened. Journalists especially need to be careful to understand the reality as well as the metaphor.

No comments: