PII Paper

Today it was widely reported that the Boston Globe and Worcester Telegram & Gazette inadvertently distributed credit and bank card numbers of as many as 240,000 subscribers with bundles of T&G newspapers on Sunday. (See http://www.boston.com/business/articles/2006/02/01/subscriber_credit_data_distributed_by_mistake/ for one story on this).

I don’t know much about the mechanics of a newspaper printing press, but when I went on a tour of one (admittedly more years ago than I’m going to admit) the way the paper was printed was completely separate from the computer systems and customer databases. Yes, I’m probably living in the dark ages, and probably modern news publication advancements now allow for direct printing of the paper with just a press of a computer keyboard button, but I’m still trying to figure out how what sounds like a subscriber database listing got printed with the Sunday funnies! Is it as simple as a lack of access controls? Lack of separation of duties?

It reinforces in my mind the need to encrypt personally identifiable information (PII) in storage. If the database *HAD* been encrypted, then would just some hieroglyphic-looking pages have been bundled with the Sunday news?
