Data Management Malpractice

UPDATE: Link fixed 

Terry Dowdy forwarded me his thoughts about this recent story in The Washington Post about The Nature Conservancy's mismanagement of data. With his permission, I present Terry's (slightly edited) thoughts:

This is wrong on so many counts: why was old data still being used, why was it on a laptop (SSNs!), where is the AMS in all of this, why didn't they have good anti-spyware programs in place, etc. The only good point I see is that the network folks were monitoring their network traffic and were able to pinpoint the breach (albeit too late).

An organization as large as Nature Conservancy should've known better…and protected themselves better. But in the end, it always comes down to the end-user and their sense of personal responsibility — or lack thereof.

Terry raises some great points:

  1. Sensitive data on a laptop. That should never happen. Laptops are, by definition, mobile, which means the information can be easily physically stolen. Ironically, in this case, this information could have been on a workstation since it was stolen using spyware.
  2. Old data still being used. There may be some reason for keeping old data (since this was related to payroll). But again, why would this data be on a hard drive? It should be on a network drive that's well-protected.
  3. Where is the AMS? Good question. This was employee information, so it's arguable it didn't belong in the AMS, but a case could be made for that.
  4. Where's the anti-spyware? Again, hard to say if there was any loaded and whether or not it was updated.

But all of this points to data management malpractice. As data managers, we are caretakers of the data. We have to be sure the data we're managing is safely handled at all times. And that includes keeping the data up to date and keeping it well-protected.

Where are your security holes? And what have you done to address them? It only takes one well-publicized incident like this one to sully an organization's reputation for years.

About Wes Trochlil

For over 30 years, Wes has worked in and with dozens of associations and membership organizations throughout the US, ranging in size from zero staff (all-volunteer) to over 700. In that time Wes has provided a range of consulting services, from general consulting on data management issues to full-scale, association-wide selection and implementation of association management systems.

2 thoughts on “Data Management Malpractice”

  1. Thanks for posting this Wes (your edits definitely improve my writing and spelling issues). In regards to my comment about where the AMS fit into this picture, I was thinking about one of the comments posted on the original WaPo article asking if any contributor data was exposed. Also, since many AMS’s tie to an organization’s accounting package, such as Great Plains or Solomon, some organizations actually put their vendors in the AMS, and when paying out reimbursements they consider their staff as vendors, and therefore they end up in the AMS.

    Additionally, if one type of data (employee records) is exposed, who is to say that other types aren’t also in jeopardy? Customers and users will quickly forget all of the good things that happen, assuming they even know about them, but the bad stuff stays alive in memories for a very long time.
