KnowHR Notes: Don’t Put Confidential Information on the Internet

This morning on Metafilter is an article by fenniq called Security is for Suckers. The writer did something brilliantly simple and used Google to search the phrase “confidential do not distribute.” Guess what was found? 60,300 results. And the author says:

The Best Hiding Place is Right Out in the Open? Yes, its a simple Google search. But it returns confidential pdf’s and pages from all over the internet. Business plans, powerpoint presentations and other naughty bits exposed to, well, anyone who finds it. Oops.

Wow, that’ll put a curl in HR’s hair. And a commenter added “not for public release” as another generator of excess stomach acid. Sounds like it’s policy time. We’re on it.

Posted on September 7, 2006 by Frank Roche
Filed Under KnowHR, Policies

Comments

Viewing 2 Comments

naarita 2 years ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

It's a wonder that this is the case, and it also points out how completely ineffectual these confidentiality footers are. To really protect data privacy and integrity, especially in an email, you must use encryption and anti-theft solutions, like Essential Taceo. Thus, no need for the footer or legal claimer. You're covered.
More about Taceo: http://www.essentialsecurity.com/products.htm

reply edit reblog flag

http://www.iwantmyess.com

Sarah 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I repeated the search for "confidential do not distribute" on the morning of October 29, 2006 and it looks like more than 50,000 internet-users took action ‚Äì at least to eliminate those words from confidential documents. I found only 9,590 results this morning. I also searched a number of variations: secret, top secret, do not distribute, for internal use only, confidential, embargoed, embargoed until, and several others. While trusty Google found many results, I did not find any documents that led to anything juicy that should remain private. It looks companies, the government, organizations and individuals all got the message that documents need to be protected through technical solutions.

While I agree with what Naarita says above, that these footers and labels have not been effective at protecting documents on the internet, they do communicate the intent for the use of the document. With appropriate techology solutions, organizatoins can continue to make it clear to employees which documents should not be released to the public.

reply edit reblog flag

http://www.ifractal.com/