Is it 8 million or 13? It almost reminds me of a Saturday Night Live skit I saw years ago with Christopher Walken. He was a renter and the landlord asked him how many people he had in the apartment at a party. He said "4, (pause) or 87." He didn't seem to think it made a difference, but the landlord did.
Are we reporting security breaches too quickly? Was the Best Western incident a case of sensationalist journalism? Best Western thinks so. There were reports that they lost over 8 million customer records for people that had stayed at their hotels years ago. A newspaper reported the story and apparently Best Western thanked the newspaper for alerting them of the security breach. However, the internal Best Western investigation says that only 13 customers were at risk.
We want to disclose in a timely manner; I wrote about this after the Fly Clear lost laptop. However, we also don't want to mis-report the issues. It's crying wolf and could substantially harm someone's business or cause a panic that isn't justified. If you smell smoke, how soon do you yell fire in a theater?
Companies will do their best to cover things up. I guess governments do the same thing, and I'm glad that we have so many people blogging, anonymous email, and more that can hold people responsible when they make mistakes. I think that having journalistic freedom is important, and more importantly, a variety of companies that can report on issues. Having too few groups controlling the media is dangerous.
However, we want to report things responsibly. There should be some level of fact checking and also some level of courtesy in notifying companies. Security holes in software are a great example. Disclosing them to the company is necessary, but I think I'd argue that you should disclose them to some reporter as well, with the caveat that the company gets 30 or 60 days to correct the issue before it's reported to the public.
Maybe the world would be a better place if more things operated like that. Perhaps issues that we find in any aspect of how a company or government does business should be reported to the company, but then also held in "escrow" by the media for a set period of time. Or some independent body that is a part of each industry.
I'd like to think that most people would do the right thing, but the fear of litigation, of losing customers, of being published in the media has most companies unwilling to stand up and admit mistakes. The constant denials and ignoring of problems seem to predominate.
I feel bad that Best Western might lose business because of this, and that could affect employees' jobs, especially if the reporting wasn't true. But I'd rather see this happen than it not be reported. Besides, Best Western can always sue the paper for libel, and guarantee their side of the story will get out.
Steve Jones