|Greg Van Wormer speaks about data security.|
A lot of media attention is focused on big data security breaches where thousands, or even millions, of credit card numbers become compromised. With a focus on credit card security, it can be easy to forget that there are other types of data that can be vulnerable to potential security breaches.
To help clarify what cities need to protect, and how breaches can happen in cities of any size. Greg Van Wormer, LMC’s Assistant Technology Services Director, recently presented some scenarios demonstrating potential data security issues.
Read through the scenarios below and see if you can spot how the Data Practices Act is being violated.
A night custodian is on his/her rounds when they notice that the city clerk’s computer has been left on. This clerk also manages human resources, and displayed on the computer screen is a letter of reprimand. The custodian reads the letter, learning who is being reprimanded and what they are being reprimanded for.
What security risks are in this scenario? There are multiple issues. The fact that the clerk’s computer is on and not password protected violates the Data Practices Act. The night custodian also violates the act by reading the letter because he or she is accessing data they don’t have permission to access. A further consequence is that the subject of the letter of reprimand could sue the city. To avoid these issues, make sure all computers are password-protected and automatically log-off if they haven’t been used in a designated amount of time.
A city manager is sending out an email to residents who signed-up to be notified when there is a snow emergency. The email list is relatively small, and the city manager sends the email through their city email account. The city manager copies all the emails into the email and hits send.
How did this violate the Data Practices Act? When the city manager sends the email, the email addresses are visible to all the recipients. This unintended disclosure violates the act by sharing information that is not for the public. A solution to this problem is to use a third-party email service that will send it to your list without showing other recipients’ emails.
Want to know more about how to protect your city’s data? Here are some resources you can explore:
- Check out the Information Analysis and Policies Division of the Minnesota Department of Administration's website
- Read more on NetDiligence—LMC's new resource to help cities protect data
- Contact LMC’s Research Department if you have a specific question by emailing firstname.lastname@example.org