Placing data in silos
Talk about timing.
Just hours before the UK’s Chancellor Alistair Darling revealed to MPs the loss of 25 million personal records, Government CIO John Suffolk gave a blunt warning about the danger of creating more giant government databases. He said, “To put more eggs in a single basket is a foolhardy approach. The best way to protect data is to say: this data is for a specific purpose, put protection around [it].”
He went on to say, “There is a balance to be struck. It’s nonsense to assume or even think about a central database or central clearing house.”
As Kim Cameron said in his blog post, “To me this is the equivalent of assembling a vast pile of dynamite in the middle of a city on the assumption that excellent procedures would therefore be put in place, so no one would ever set it off.”
“There is no need to store all of society’s dynamite in one place, and no need to run the risk of the colossal explosion that an error in procedure might produce.”
In my first post about the data loss, I mused, “Perhaps the time has come when identity systems are based on an assumption that people’s personal information is not secure.” Along the same lines, Kim said, “the information that is the subject of HMRC’s identity catastrophe should have been partitioned – broken up both in terms of the number of records and the information components… no official (A.K.A insider) should ever have been able to get at enough of it that a significant breach could occur.”
That got me to do a mental check about the online identity and authentication systems being put into place in New Zealand. Though the service is presented to people as a single, integrated service (igovt), under the hood there are two separate services (Government Logon Service and Identity Verification Service) run by two separate government agencies with two separate databases.
This ensures that even in the unlikely event of a breach, no single database holds all the information. The check provides a measure of confidence that the NZ services are designed right from a breach perspective.