Subscribe to my newsletter EDM News
Data Management Malpractice

UPDATE: Link fixed 

Terry Dowdy forwarded me his thoughts about this recent story in The Washington Post about The Nature Conservancy's mismanagement of data. With his permission, I present Terry's (slightly edited) thoughts:

This is wrong on so many counts: why was old data was still being used, why was it on a laptop (SSNs!), where is the AMS in all of this, why didn't they have good anti-spyware programs in place, etc. The only good point I see is that the network folks were monitoring their network traffic and were able to pinpoint the breech (albeit too late).

An organization as large as Nature Conservancy should've known better…and protected themselves better. But in the end, it always comes down to the end-user and their sense of personal responsibility — or lack thereof.

Terry raises some great points:

  1. Sensitive data on a laptop. That should never happen. Laptops are, by definition, mobile, which means the information can be easily physically stolen. Ironically, in this case, this information could have been on a workstation since it was stolen using spyware.
  2. Old data still being used. There may be some reason for keeping old data (since this related to payroll). But again, why would this data be on a hard drive? It should be a one a network drive that's well-protected.
  3. Where is the AMS? Good question. This was employee information, so it's arguable it didn't belong in the AMS, but a case could be made for that.
  4. Where's the anti-spyware? Again, hard to say if there was any loaded and whether or not it was updated.

But all of this points to data management malpractice. As data managers we are caretakers of the data. We have to be sure the data we're managing is safely handled at all times. And that includes keeping the data up to date and keeping it well-protected.

Where are your security holes? And what have you done to address them? It only takes one well-publicized incident like this one to sully an organization's reputation for years.

About author:
  • Terry Dowdy

    Thanks for posting this Wes (your edits definitly improve my writing and spelling issues). In regards to my comment about where the AMS firt into this picture, I was thinking about one of the comments posted on the original WaPo article asking if any contributor data was exposed. Also, since many AMS’s tie to an organizations accounting package, such as Great plains or Solomon, some organizations actually put their vendors in the AMS, and when paying out reimbursements they consider their staff as vendors, and therefore they end up in the AMS.

    Additionally, if one type of data (employee records) is exposed, who is to say that other types aren’t also in jepordy. Customers and users will quickly forget all of the good things that happen, assuming they evemnm know about them, but the bad stuff stays alive in memories for a very long time.

  • Wes Trochlil

    Thanks for clarifying that, Terry.

Archives

Sign-up for EDM News

 

 

Testimonials

“Wes was able to come in and offer tangible, relevant advice that made us more productive immediately. I value his understanding of databases but more so, his understanding of how nonprofits work. There was no lost time educating him about how membership organizations are “different.” Wes recommended changes in processes as well as tips and tricks that were easy to implement made an immediate positive impact.”

Mary Pat Paris, Executive Director
International Registration Plan

“We came to Wes because we were very frustrated with our existing AMS and we wanted to improve our capabilities as soon as practicable. Wes very quickly helped us through a process of identifying our needs, identifying potential vendors, and selecting a new system that we’ll be able to move into very quickly. I especially appreciated Wes’s candor about our processes as well as the systems we were looking at. He was a great resource to have in a period of high anxiety for our organization. I would highly recommend Wes for any similar project.”

Jack Chiasson, CMP Executive Director
National Association of Life Brokerage Agencies

“Wes was able to come in and offer tangible, relevant advice that made us more productive immediately. I value his understanding of databases but more so, his understanding of how nonprofits work. There was no lost time educating him about how membership organizations are “different.” Wes recommended changes in processes as well as tips and tricks that were easy to implement made an immediate positive impact.”

Mary Pat Paris, Executive Director
International Registration Plan

Mary Pat Paris
International Registration Plan

“This is the second database implementation we’ve done since I have been at Western Arts Alliance (WAA). The first I did on my own. This time we engaged Wes Trochlil as our database planning consultant. Let me tell you, this process is a whole lot easier having Wes on your team! For a small association like WAA, it’s tempting for board and EDs to question the justification and expense of a database planning consultant. But it’s the small associations that need Effective Database Management the most. Wes strengthened our planning process, clarified our needs requirements, helped us steer around solutions that couldn’t meet our objectives, and saved us money in the long haul.”

Tim Wilson, Executive Director
Western Arts Alliance

Tim Wilson
Western Arts Alliance
%d bloggers like this: