Thursday, June 14, 2007

Information security done wrong can kill!

...really.

This morning I took a look at an article in the New York Times about the Virginia Tech Report.

This report was requested by the American President after Seung Hui Cho shot 27 students and 5 faculty members to death at Virginia Tech’s Blacksburg campus on April 16.

His mental health was shown to be questionable and he had been ordered by a Judge to undergo a psychiatric evaluation. But due to privacy restrictions when he applied for a weapon there was no record of this and he was legally able to acquire one.

When I say "privacy restrictions" I actually mean "assumed privacy restrictions". According to the report (and as stated in an article on examiner.com) schools, doctors and police often do not share information about potentially dangerous students because they can't figure out complicated and overlapping privacy laws.

So, they would rather "fail safe" as such and not release any information. Even though, in this case it would have saved lives.

Rule number one when dealing with people who are trusted with information - they need to know what they can and can't do with it and rules have to be crystal clear.

Kudos to the American government for seeing the problem and reacting to it by proposing a Federal bill.
Post a Comment