04:20 PM
John Soat

IT Confidential: Don't Apologize About Data Loss--Just Don't Do It

Adequate data security means never having to say you're sorry.

My son's first day of college is the day after Labor Day, and my wife and I are driving him to school at the end of this week. Several hours in the car afford time for the Big Talk--you know, the one about taking life seriously, applying yourself, always keeping a positive attitude, and learning from your mistakes.

One life lesson I might impart goes like this: It's better to apologize than to ask permission. But I'm torn.

I was reminded of that lesson last week, when AOL confirmed that its chief technology officer had resigned. AOL also let go two data-research workers. These came in the wake of a tsunami of protests over AOL having published data on its Web site from search results for over a half-million of its subscribers. AOL issued a public apology shortly after the incident.

My son is attending Ohio University in Athens, Ohio--my alma mater. Ohio University has had to do its share of apologizing lately, since it was revealed last spring that servers on the OU campus had been breached by hackers, one for as long as a year, maybe longer. These servers contained personal information such as names and Social Security numbers for thousands of students, workers, and alumni (myself included). The university sent out letters of apology. Two IT workers were subsequently suspended and face dismissal, and the CIO resigned last month, saying in a statement on the university's Web site, "A new energy level and skill set is going to be required in order to allow our IT organization to realize its potential."

For some organizations, the "apologize after" approach is more than a life lesson, it's a corporate strategy. Rather than being proactive in instituting the difficult, expensive, and resource-consuming steps required to secure--and keep secure--personal data, it seems some organizations would rather ignore the responsibility and deal with the consequences of a data "compromise" in a reactive fashion, like this: shock, dismay, apology, dismissal.

So, does that make "apologize after" a life lesson worth ignoring? Maybe not. I don't mean to muddy the waters too much, but the "apologize after" lesson also occurred to me two weeks ago, when a federal judge ordered the National Security Agency to stop its telecom-surveillance program. I'm not necessarily a fan of government surveillance, but fighting terrorism--unlike fighting domestic crime--is all about being proactive, dealing with the potential for violence in an aggressive, preventative manner. "Apologize after" seems like a highly appropriate strategy for the war on terror.

So, what do I tell my son? How about something like this: Think positive, be scrupulous in your work, take responsibility, be proactive, and apologize ... as little as possible. For those who wrote in about my son's Apple MacBook, no, it wasn't affected by the battery recall, but thanks for asking (wiping sweat from my brow, and egg from my face).

Speaking of apologies, let me assure those readers upset by my referring several weeks ago to Led Zeppelin as a "decidedly average rock 'n' roll band" (you know who you are) that it was a joke--check the context. I'm a Led Zeppelin fan from way back, having attended my first concert of theirs in the summer of 1969. Send a Zep anecdote or a favorite song, along with an industry tip, to, or phone 516-562-5326.

To discuss this column with other readers, please visit John Soat's forum.

To find out more about John Soat, please visit his page.
