Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Beyond Modernization
    • Technology Trends Shaping the Future of Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Beyond Modernization
    • Technology Trends Shaping the Future of Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Cybersecurity

Personally Identifiable Information (PII) at Risk – Is it Time for a Single Department of Data?

by Peter Jacobs
October 9, 2018
in Cybersecurity
Reading Time: 7 mins read
A A
Personally Identifiable Information (PII)
Share on FacebookShare on Twitter

Multiple hacks of government databases, along with the well-publicized breaches of retailer and credit reporting agency databases, mean that a wealth of personally identifiable information (PII) is in the hands of criminals. A key issue, says Jeff Kramer, Senior Director of Government Solutions for Reed Tech, is that this data is duplicated in too many agencies’ systems, resulting in more places for bad actors to attack. We asked him about the potential benefits and risks of this approach and got his insights on how to keep PII more secure going forward.

Government Technology Insider (GTI): You’ve proposed a “Department of Data” – a single agency that would store, protect and make PII available only as needed. What are the downsides to having information stored in multiple agency databases? 

Jeff Kramer, Reed Tech (JK): Having key pieces of personal data stored in multiple places results in a great attack surface for bad actors and a greater possibility of data being compromised. However, if you put some type of identifiable information in one central place, that would reduce the risk. You wouldn’t have to worry about different versions of data. You wouldn’t have to worry about who’s in control of it. It would be one central repository, and you’d have to create strong data governance guidelines for how to access it — I think those things can be easily overcome. 

GTI: One huge risk to PII is that Social Security numbers are being used as an identifier everywhere. When an employer, a health care provider, or a bank needs to know that you’re really you, they require that this same universal identifier is available. But that wasn’t its original purpose.

JK: I’m of the opinion that maybe the Social Security number has kind of come and gone, in terms of its usefulness. It was created back in, I believe, the late 30s, and now it’s a single identifier of somebody. Information like that may need to be revamped. But, right now, it would take a pretty good effort to go through and scrub all the places where something like your Social Security number is housed in federal agencies. 

GTI: In practice, how would a Department of Data work to make sure that agencies and anyone else who needed that information would be able to get it?

JK: We’d have to set up some practices or put some policies in place so that this is viable. There would have to be an effort to go through and look at the different agencies and consolidate information and then, once you do have a single point of access, each agency would have to make a case for accessing the data and why they need it. There would have to be procedures on the back end so that when they do get the data, it’s not, in fact, stored somewhere else. It’s just an instance of the data, and the main piece, or the main PII, is continually stored in one central location. 

GTI: How would this Department of Data idea fit with ensuring proper governance and, if there is a breach, how hard would it be to restore operations versus having information in distributed databases? 

JK: I think the mentality now is: “How reactive can you be in case of a data breach?” Maybe we need to think in terms of going on the offensive and not having a breach.   There’s cybersecurity procedures that we can set up to create a little bit more of a defensive network posture versus reactive. 

If you think of military bases or even someplace like the Pentagon, I think they’re probably a little bit more formidable, and their posture is, “Well, what happens if there is some kind of attack or if there is some kind of breach, what does that mean exactly?” And maybe we fortify our defenses, and part of that is keeping one place secure and solid versus having multiple locations that could possibly be compromised. 

GTI: How does this idea fit with technology innovations and emerging standards. For example, isn’t blockchain the opposite of a single data point? And would a Department of Data get in the way of new tech that could actually improve security? 

JK: Well, blockchain is it the latest buzzword – is it a fad, is it something that’s going to be around for a while? There’s obviously pluses and minuses to blockchain — private blockchain versus global or enterprise blockchain. 

Blockchain is good if you do not know or trust the other person, in terms of data. But if you do have some type of trusted private database or something that is a central authority, blockchain isn’t really needed. 

I think we need to get back to the roots of “let’s just secure that data.” Let’s put the data in place and make sure it’s secure without having to worry about other new, emerging technologies. PKI has been around for a decade. It’s trusted, it’s proven and public and private keys should be used for transferring data back and forth. It’s very efficient, it’s very fast and I don’t necessarily know that we need to come up with newer technologies. Maybe we could take a step back and look at the technologies that we’ve created and figure out ways to use them more efficiently. 

GTI: Do you have any final thoughts on keeping personally identifiable information more secure? 

JK: Well I think the government needs to step in and hold the agencies accountable for data breaches. Our data is all over the place. There’s three credit reporting agencies and they have breaches all the time. Somebody needs to be held liable for a data breach and its consequences. If we start putting some teeth into consequences for data breaches, I think you’d find that they would happen a lot less frequently. If it’s somebody’s bank account and they have to start paying for breaches, or are responsible, even legally liable, I think there would be fewer and fewer breaches. 

It seems to happen every day and it’s, “Oh, well, we’ll give you access to another credit agency to protect your data and if you have a breach, let us know.” But right now, I’ve probably been through four or five breaches and will likely subject to more, particularly if you get a security clearance, or any kind of clearance with the government, your data is even more at risk, with all the broader set of agencies that have social security numbers and PII. 

Ready to learn more about how to navigate the digital future and manage data? You can do that here.  

Tags: BlockchainChief Data Officerdata breachData DuplicationData PrivacyData SecurityDatabase HackingDepartment of DataJeff KramerPersonally Identifiable InformationPIIReed TechSocial Security number security

RELATED POSTS

NARA’s New Directives Create Challenges and Opportunities in Records Management for Federal Agencies
Civilian

NARA’s New Directives Create Challenges and Opportunities in Records Management for Federal Agencies

August 8, 2023
Bolstering Data Security
AI & Data

Bolstering Data Security with Modern Data Management: Part Three of Thinking with a Data-First Mentality in a Digital-First Government

April 28, 2022
Digital-First Government
AI & Data

Shifting to a Digital-First Government: Part Two of Thinking with a Data-First Mentality in a Digital-First Government

April 27, 2022

TRENDING NOW

  • A True Zero Trust Approach Requires Federal Agencies to Move Beyond Compliance

    A True Zero Trust Approach Requires Federal Agencies to Move Beyond Compliance

    374 shares
    Share 150 Tweet 94

  • Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    12048 shares
    Share 4819 Tweet 3012

  • DoD Leverages Cyber Threat Intelligence for National Security

    130 shares
    Share 52 Tweet 33

  • Making Identity Verification Equitable for All

    22 shares
    Share 9 Tweet 6

  • AI Implications – Power Requirements Going Nuclear on Local Grids

    30 shares
    Share 12 Tweet 8

CONNECT WITH US

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Customer Experience
    • Cybersecurity
    • Digital Transformation
    • Hybrid Work
    • Public Safety
  • Contact Us