Business & Finance
Commentary
8/25/2006
04:20 PM
John Soat
John Soat
Commentary
Connect Directly
RSS
E-Mail
50%
50%

IT Confidential: Don't Apologize About Data Loss--Just Don't Do It

Adequate data security means never having to say you're sorry.

My son's first day of college is the day after Labor Day, and my wife and I are driving him to school at the end of this week. Several hours in the car afford time for the Big Talk--you know, the one about taking life seriously, applying yourself, always keeping a positive attitude, and learning from your mistakes.

One life lesson I might impart goes like this: It's better to apologize than to ask permission. But I'm torn.

I was reminded of that lesson last week, when AOL confirmed that its chief technology officer had resigned. AOL also let go two data-research workers. These came in the wake of a tsunami of protests over AOL having published data on its Web site from search results for over a half-million of its subscribers. AOL issued a public apology shortly after the incident.

My son is attending Ohio University in Athens, Ohio--my alma mater. Ohio University has had to do its share of apologizing lately, since it was revealed last spring that servers on the OU campus had been breached by hackers, one for as long as a year, maybe longer. These servers contained personal information such as names and Social Security numbers for thousands of students, workers, and alumni (myself included). The university sent out letters of apology. Two IT workers were subsequently suspended and face dismissal, and the CIO resigned last month, saying in a statement on the university's Web site, "A new energy level and skill set is going to be required in order to allow our IT organization to realize its potential."

For some organizations, the "apologize after" approach is more than a life lesson, it's a corporate strategy. Rather than being proactive in instituting the difficult, expensive, and resource-consuming steps required to secure--and keep secure--personal data, it seems some organizations would rather ignore the responsibility and deal with the consequences of a data "compromise" in a reactive fashion, like this: shock, dismay, apology, dismissal.

So, does that make "apologize after" a life lesson worth ignoring? Maybe not. I don't mean to muddy the waters too much, but the "apologize after" lesson also occurred to me two weeks ago, when a federal judge ordered the National Security Agency to stop its telecom-surveillance program. I'm not necessarily a fan of government surveillance, but fighting terrorism--unlike fighting domestic crime--is all about being proactive, dealing with the potential for violence in an aggressive, preventative manner. "Apologize after" seems like a highly appropriate strategy for the war on terror.

So, what do I tell my son? How about something like this: Think positive, be scrupulous in your work, take responsibility, be proactive, and apologize ... as little as possible. For those who wrote in about my son's Apple MacBook, no, it wasn't affected by the battery recall, but thanks for asking (wiping sweat from my brow, and egg from my face).

Speaking of apologies, let me assure those readers upset by my referring several weeks ago to Led Zeppelin as a "decidedly average rock 'n' roll band" (you know who you are) that it was a joke--check the context. I'm a Led Zeppelin fan from way back, having attended my first concert of theirs in the summer of 1969. Send a Zep anecdote or a favorite song, along with an industry tip, to jsoat@cmp.com, or phone 516-562-5326.


To discuss this column with other readers, please visit John Soat's forum.

To find out more about John Soat, please visit his page.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Oct. 20, 2014
Energy and weather agencies are busting long-held barriers to analyzing big data. Can the feds now get other government agencies into the movement?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.