May 28, 2009 at 6:39 am
When I give up a machine at work I either wipe the hard drive myself or give it to the tech support group to wipe the hard drive to remove any customer information on it before recycling or sending to surplus. I assume that the same is done with our servers. Of course I do the same at home before giving away a computer.
It seems like any business would do this if they had any proprietary information on a machine.
Terri
To speak algebraically, Mr. M. is execrable, but Mr. C. is
(x+1)-ecrable.
Edgar Allan Poe
[Discussing fellow writers Cornelius Mathews and William Ellery Channing.]
May 28, 2009 at 6:52 am
This can get messy. Suppose you sign up with some information on a website with a good privacy policy (will not give name to others etc) but that company goes bankrupt... The customer list could be considered an asset to be sold under authority of the bankruptcy court, the terms you agreed to might not even apply.
It could also be that if execs or IT have access to backup tapes, it may still be illegal to access that data because it is under authority of the court.
...
-- FORTRAN manual for Xerox Computers --
May 28, 2009 at 7:43 am
One company I worked for went out of business, and sold its customer lists to its biggest competitor.
Those same lists were also hijacked by a group of employees who went to work for another competitor, and lawsuits ensued. I don't know the full outcomes, but I know that one guy went from being a sales exec to being a pizza delivery guy over the lawsuit.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
May 28, 2009 at 7:59 am
A few years ago, I purchased a lot of five used Dell PCs which had been "traded in" for new systems from a value-added reseller. The disk drives were fully intact and totally unencrypted. I found all sorts of sensitive personal and corporate data. One system had an SQL Server database with employee records and payroll data. Another had Quickbooks data. Some of the personal photographs were, to say the least, personal and ve-e-r-r-y interesting. I purged the photos and databases and uninstalled Quickbooks, then put the systems to the use I intended when I bought them - two of which my children are still using.
May 28, 2009 at 8:07 am
Robert Domitz (5/28/2009)
A few years ago, I purchased a lot of five used Dell PCs which had been "traded in" for new systems from a value-added reseller. ....
... so THAT'S what they mean by "value added"
...
-- FORTRAN manual for Xerox Computers --
May 28, 2009 at 8:25 am
I think it's time to restore some balance to privacy laws where corporate directors are made responsible for violating them -- much like certain tax or pollution laws. Just because a company folds does not mean the directors go free due to violations. If the company thinks collecting private data is it's right, then adequate disposal should be a responsibility. I can see a role for third-party entities that can help existing companies of this responsibility, but the current practice of abandoning and not even making an effort to protect personal data (be it customers, clients, or employees) is unacceptable.
May 28, 2009 at 9:55 am
jay holovacs (5/28/2009)
Robert Domitz (5/28/2009)
A few years ago, I purchased a lot of five used Dell PCs which had been "traded in" for new systems from a value-added reseller. ....... so THAT'S what they mean by "value added"
Almost put coffee on the monitor reading this one. 😀
May 28, 2009 at 11:24 am
This whole idea of dead data, and the responsibility for it is one of the things that makes me cautious about "the cloud", and whether or not it is good to put too much of an organization's assets in "the cloud". Once your data leaves your machines to be stored somewhere else, how can you be sure it's safe, or even accessible?
I'm also wondering when people are going to start seeing Google as an evil behemoth the way they've seen Microsoft for years, but more as a monopolizer of information and data than a monopolizer of tools.
May 28, 2009 at 11:52 am
As DBAs we act as the 'stewards' of data - we are not the owners of the data.
However it is our collective responsibility to document concerns such as this and to convey these concerns to management. As 'stewards' of data it is there that our 'true' responsibility ends. Sure we can and should follow up. We are not the owners of the data, we simply do what we can in identifying the issues as they relate to us collectively.
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
May 28, 2009 at 11:52 am
I think Google is just as bad as Microsoft has been, but I also think that this is the way most companies behave as they get successful. People want to continue growing and becoming "better", easily crossing the line into a bad place.
May 28, 2009 at 1:47 pm
rudy komacsar (5/28/2009)
As DBAs we act as the 'stewards' of data - we are not the owners of the data.
To gets us beyond the issues of ownership and stewardship, maybe the skills needed for final adjudication of data is an additional DBA skill. It includes safe disposition of data. Much like a hazardous materials expert who advises in all aspects of acquisition, use, and disposition, DBAs can serve this unmet expertise. Perhaps the acquisition plans should also include safe methods for disposition as well. Not that there is not enough to do for already overworked DBAs, but as a long-term strategy, perhaps DBAs of future can stake a claim to such skills.
May 28, 2009 at 2:24 pm
sjsubscribe (5/28/2009)
rudy komacsar (5/28/2009)
As DBAs we act as the 'stewards' of data - we are not the owners of the data.To gets us beyond the issues of ownership and stewardship, maybe the skills needed for final adjudication of data is an additional DBA skill. It includes safe disposition of data. Much like a hazardous materials expert who advises in all aspects of acquisition, use, and disposition, DBAs can serve this unmet expertise. Perhaps the acquisition plans should also include safe methods for disposition as well. Not that there is not enough to do for already overworked DBAs, but as a long-term strategy, perhaps DBAs of future can stake a claim to such skills.
Might be a good idea when SQL 2000 makes our jobs completely obsolete, because just anyone will be able to install, run and build databases! 🙂 When that happens, we'll still have a job, running the hard drives through a shredder or some such.
Sorry. Couldn't resist.
Most companies aren't going to care about their "dead data" enough to pay someone to handle it. If disposal becomes legally mandatory, then yes, there will be companies that will provide that service, and experts employed by them to do it.
Till then, if you buy a used computer, check for anything entertaining on the drives, then wipe them clean. Last thing you want is to have your refurb computer make sure it rejoins all of the bot-nets that the prior owner was kind enough to install for you.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
May 30, 2009 at 7:42 am
Hi Guys,
Just read this article from nice and sunny Ibiza and wonder sometimes why customer do not realize that their data is on external machines, by paper are secured that data is being treated secure, however bankcrupty brings this in a complete new situation as contracts are based upon a business and this situation is nota business anymore, even escrow is not valid in this matter from Data as it onl complies to software.
I see a lot of companies realize it that data is not in their company anymore when they underfind a error in connection or bankcrupty.
Then they start to ask and require more security.
All the ASP models you see are good for small size companies as you can offer a service to bankup and send it to their own servers, but large size companies (as we have) you need a whole different concept and a ASP model is not able to implement (we found out after 3 years).
So if a bankcrupty ASP company can sell data from a customer to others, I think the former company did not do his job good and deserves to go down, and customer did only look to the advances (save $$$) and not to the property rights.
So they deserve each other, next time they think twice to do this kind of structures.
Data is the power within the company, happy for us that not a lot of companies realize this 🙂
Happy hunting,
Jaap
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply