The Sky’s NOT Falling – A Missed Opportunity


I read Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation this morning (2015-07-17); it set me off.

I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud-based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.

No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.

It would have taken about three minutes to write a closing paragraph along the lines of …

“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”

… how hard was that?

As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.

Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.

4 Comments on “The Sky’s NOT Falling – A Missed Opportunity”

  1. My ‘Enterprise Records 101’ rant a while back was fueled by a bunch of barristers out of the Windy City, they were evil.


  2. Chris – Maybe he’s a plaintiff attorney so providing further information goes against their grain. May lose an advantage in a case. Agree the article could have mentioned the Cloud Security Alliance and services like Skyhigh, etc., that exist in order to identify the companies that meet your security requirements. If folks have cloud FUD, they better take a closer look at their company’s domain. Guess they should have had more domain FUD at the Hacking Team.

