Protecting data in the age of dumpster diving

Protecting data in the age of dumpster diving

Some organisations are blissfully unaware of the dangers of discarding information which is not considered core business, says Miriam Waterhouse

Dumpster diving, the practice of sourcing food and other discarded items from supermarket waste bins is a sign of the times. Some, sadly, do it out of necessity, while others do it from an idealist stance.

The more entrepreneurial look to profit from the huge amounts of waste retailers discard every day. Never has the saying ‘one man’s trash is another man’s treasure’ rung so true.

Similarly in business technology, organisations have become increasingly adept at discarding information, which on the face of it, has gone beyond its useful ‘shelf-life.’ Some understand that in an app-centric social world, that is the normal cost of doing business and mitigate risks.

Others are blissfully unaware of the dangers (and opportunities), of discarding information which is not considered core business. For example, the National Film and Sound Archive’s core business is our rich digitised collection works, which the entrepreneurially inclined could exploit.

As the volume of digital information grows, we’re seeing an increase in the sophistication of methods used to collect, aggregate and analyse raw data.

No longer does this simply mean gaining insight at an individual level; it involves determining a bigger business picture from all the connections, interactions and communications across people, groups and businesses.

Whether you’re a supplier or consumer of digital ‘trash’, the implications – like the data itself – are complex and varied, ranging from talent acquisition in ‘hot’ areas such as data science and analytics, to issues in security, risk management and privacy.

For years the security model in business computing has been to ‘defend the castle’. That is, rigorously safeguarding our information assets from behind firewalls and granting access to a privileged set of employees and users – all made possible by adopting increasingly mature tools and security methods.

Today these goals remain the same, but since enterprise information is now freely available beyond the traditional perimeter, they must be supplemented with additional practices. This process starts with understanding how organisations have the means to gain business context from your digital trash, and then adjusting policies to remediate any risk or exposure.

Here are a few ways you can do this.

1. Visualise your information trail

We all know the tale of Hansel and Gretel, who got lost in the forest after their trail of bread crumbs was eaten by birds. In business technology we can be just as naive, leaving crumbs of data that are just as digestible – only this time by hackers and even competitors.

For example, even a simple web search or browsing session can easily be tracked and quickly combined with other information sources to yield critical insights and business intelligence.

To address this issue, work closely with your security, risk management and legal teams to build up an accurate picture of what digital material you are discarding, who is accessing it, and why it might be valuable (in raw form or combined with other information).

In my experience, this can start with simple methods to visualise information trails, and then mask and obscure information patterns when appropriate (e.g. from the traffic created by strategic employees). Also, ensure your security team consistently revisit browser security settings and cookies, together with mobile device and app usage.

2. Get socially smart

Popular social network sites are digital dumpsters waiting to be scoured. In one recent example a start-up company mined public domain employee social networks to build up accurate enterprise level talent profiles, together with insights into organisational skills gaps.

This interesting business model demonstrates how social behaviours and employee communications can leave behind a rich data trail.

It also illustrates how this data can be quickly aggregated for business gain. To protect your business, educate your workforce on the acceptable use of social networks in the workplace.

For years we have worked to protect key business gems like patents, acquisition plans and customer lists, so work with employees to show them how social behaviours, sentiment and even misplaced enthusiastic comments can compromise critical assets.

For example, consider introducing policies against personally connecting with customers whom you are actively engaged in business – it’s all common sense of course, but it can be easily forgotten.

3. Understand digital trash usage and abusage

I’m always reluctant to divulge any personal details without understanding how that information will be used. Similarly, enterprises should be wary of sharing information with partners and third parties without first understanding their intended usage.

With this in mind, work to determine the overall value and how your business will benefit from any data-sharing relationships. It’s also critical to understand and protect against data loss, so consider new security methods for protecting information, especially when exposed via application program interfaces.

My observations in this article are not meant to paint an overly gloomy picture. Remember, much of the data you discard will have no commercial value, so focus your efforts accordingly.

Also keep in mind that information-sharing relationships may unlock tremendous opportunity since, by itself your data may have no commercial value.

Finally, understand that as you increasingly adopt digital and social-centric business computing more information will be generated – how you protect and profit from it is up to you. After all, you wouldn’t want your digital trash to become someone else’s Big Data treasure, would you?

Miriam Waterhouse is the CIO at the National Film and Sound Archive in Canberra.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Miriam WaterhouseNational Film and Sound Archive

Show Comments