In a previous post, "Give it back!" I mentioned the ongoing re-classification of declassified information and featured some publicly known sources for information on government secrecy. Today I came across to a news item relating to the topic in another way, "States Removing Personal Data from Official Web Sites", more from the article: "At least six states use redaction software, which digitally erases information. It can be tailored to excise nine-digit entries such as SSNs. Chips Shore, circuit court clerk for Florida's Manatee County, removed SSNs and bank account numbers from 3 million public records on the Web site. Another 2.5 million court records were redacted before going online."

That's an interesting way to fight the problem from the top of it, namely personal data security breaches that never stop growing, but I wish they came up with the practice either by default years ago, or understand today's dynamics of the threat. Even if they start implementing this on a wide scale, it doesn't mean identity theft would stop occuring, or that phishing attacks wouldn't trick them into giving the complete details. Having implemented a process for securely storing, accessing and trasfering such sensitive customers' bank data, often results in complexities, but using "redaction software" when you can actually take advantage of a risk management solution, isn't the smartest move here -- yet again that's the effect of today's dynamics and ever-changing attack vectors. What's the point of putting so much efforts into sanitizing the data before going online with it, when an outsourcer, or an employee whose responsibilities include working with it will somehow expose it? Wait, forgot the naive customer who's still taking all the phishing emails received "personally". Don't think SSNs and bank accounts "redaction", but insiders and storage/database security.

The link for this article located at Dancho Danchev is no longer available.