3

KnowHR Notes: Don’t Put Confidential Information on the Internet

Posted on Thursday, September 7, 2006 by Frank Roche

This morning on Metafilter is an article by fenniq called Security is for Suckers. The writer did something brilliantly simple and used Google to search the phrase “confidential do not distribute.” Guess what was found? 60,300 results. And the author says:

The Best Hiding Place is Right Out in the Open? Yes, its a simple Google search. But it returns confidential pdf’s and pages from all over the internet. Business plans, powerpoint presentations and other naughty bits exposed to, well, anyone who finds it. Oops.

Wow, that’ll put a curl in HR’s hair. And a commenter added “not for public release” as another generator of excess stomach acid. Sounds like it’s policy time. We’re on it.

Support this post around the web. We would really appreciate it.

digg
delicious
twitter
stumbleupon
email

User Comments

  1. naarita

    Sep 11th, 2006

    Reply to this comment

    It’s a wonder that this is the case, and it also points out how completely ineffectual these confidentiality footers are. To really protect data privacy and integrity, especially in an email, you must use encryption and anti-theft solutions, like Essential Taceo. Thus, no need for the footer or legal claimer. You’re covered.
    More about Taceo: http://www.essentialsecurity.com/products.htm

  2. Sarah

    Oct 29th, 2006

    Reply to this comment

    I repeated the search for “confidential do not distribute” on the morning of October 29, 2006 and it looks like more than 50,000 internet-users took action ‚Äì at least to eliminate those words from confidential documents. I found only 9,590 results this morning. I also searched a number of variations: secret, top secret, do not distribute, for internal use only, confidential, embargoed, embargoed until, and several others. While trusty Google found many results, I did not find any documents that led to anything juicy that should remain private. It looks companies, the government, organizations and individuals all got the message that documents need to be protected through technical solutions.

    While I agree with what Naarita says above, that these footers and labels have not been effective at protecting documents on the internet, they do communicate the intent for the use of the document. With appropriate techology solutions, organizatoins can continue to make it clear to employees which documents should not be released to the public.

Leave a Reply

Looking for a place to add a personal image? Visit www.gravatar.com to get your own gravatar, a globally-recognized avatar. After you're all setup, your personal image will be attached every time you comment.

Trackbacks

  1. [...] Follow-up Measurement About Google Searching for Confidential Do Not Distribute As communicators, every day we try to keep up on the latest ways to break through the clutter, get attention, and inspire action. To assess how well we do that, we measure our results. So, we looked at the results of one of our recent posts Know HR Notes: Don’t put confidential information on the Internet. The post provided our readers with the statistics about how many highly confidential documents were easily available on the Internet and about how easy it was to find them. Similar posts were propagated throughout the Internet by many blogs. In the search that led to the original post, Google found 60,300 results for the phrase “confidential do not distribute”. [...]