The good, the bad and the corporate information leak


blog Great post on the AuTechHeads user group analysing how the WikiLeaks phenomenon (that is, information leakage in large organisations) should or could be handled by IT managers. NSW public sector IT manager Matt Marlor nails it when he writes:

“I am not a firm believer in information leakage prevention. There are many and multiple methods to reduce and mitigate information leakage. I don’t fully believe that information leakage can ever be entirely prevented though. You might stop screen grabs, printing, copy and paste, emails, webmails, USB keys, even digital cameras … but you won’t stop human memory, for example.

I do believe that methods such as Rights Management can be very useful to stop information from inadvertently leaving the organisation – but nothing will stop it from being deliberately disseminated.”

The truth is that you can — as many Australian organisations have done — go as far as putting glue in the USB ports of your employees’ PC and implement complicated rights management schemes, but information will still leak out if there is sufficient motivation for staff to help it do so. You can only mitigate the risk; not remove it entirely.

The best way to stop information leakage is to provide great leadership at your organisation. If your employees believe in what they are doing, they won’t take information out of the company — because they believe in its success and don’t want to hamstring it. But this is obviously a very hard thing to achieve for any organisation; let alone those which are in the public sector and subject to the frailties of the political leadership at the time ;)

Image credit: Adam Stone, royalty free