Some databases are not protecting your data properly...

Sep 6, 2007 13:30 GMT  ·  By

An important part in protecting a database is masking the info inside it. Your programs can still read it, but hackers will get things mixed up if they do access the info. Masking the data is also called "de-identification" or "data-hiding" and it is thought to be a pretty good security measure.

George Duncan is a statistics professor that has written about this in Science Magazine. He has said that this security measure is only efficient if the hacker does not get access to the entire database. Apparently even with the bogus data overlayed one malicious user could still steal some data. It will be a bit puzzling for him, but that does not make a person unidentifiable. The hacker could reconstruct an ID with the matching pieces - I know this may sound silly but that's just the way it is. That is why it's important to have more security measure installed.

Database owners need to offer privacy to the ones included in the info stockpile and also need to make the data useful for research. This is quite hard to achieve, but it would be possible, if a program that would not allow ID reconstruction were crated, as the professor stated.

As Duncan further wrote in Science, "achieving 'adequate' privacy will require engineering innovation, managerial commitment, information cooperation of data subjects and social controls (legislation, regulation, codes of conduct by professional associations and response to reactions of the public)" If you want to read more about this, check out the magazine's official website.

And all these efforts are needed, as an insecure database is worst than having no database at all. Just think about it, the first one helps researchers a bit, but may provide hackers with plenty of material for ID theft, while the second one neither does anything good, nor anything bad.