Previous Lesson

DIM-08-01 Data Storage Risks and Prevention

Data storage risks and prevention

Wherever data is stored, it is at risk of unauthorised access. This includes data on your devices, and devices at any of your service provider processing points (in stores, distribution centres, payment processing centres, central operations etc.).

How is the data stored? How is it protected?

Data on your devices

All our devices offer us the chance to store our data as local content. The data may be stored in an application specific format, accessible only through the particular application. Data may also be stored in standard formats that can be read by many applications, or as readable text.

Examples of data stored locally includes out personal profile data, our contacts, calendar, notes, messaging records, email records etc.

Should we lose our devices, or should our devices be accessed by other parties, the data may be accessible and result in private and confidential information falling into the wrong hands.

Managing our devices is our responsibility. We need to protect our data from being accessed by others. There are a number of ways in which we can manage this:

  • Always use a device specific login name / PIN code to lock and prevent casual access to your device.
  • Use the auto-lock function on your device to force the entry of your credentials should the device be inactive for a while (a few minutes).
  • Where appropriate have application specific security. Some applications, particularly those dealing with important information, may allow you to only use the application if you know satisfy the application security checks.
  • Some applications allow you to save files using password protection. This is extra security you may use when creating sensitive documents or files.
  • Files systems on our devices may store data unencrypted, or encrypted. Your device may allow you to determine if you want your data encrypted when it is stored on the device. If encrypted, anyone accessing your device must be able to login and perhaps know a key in order to access the data. This should prevent exposure of your data should a third party get access to your device physically, but not be able to login as you.

Consider using the above guidelines individually or in combination. Make sure that you are using suitably complex passwords, and that you do not use one password for all levels of security.

Data on your service providers’ devices

Our data is not only stored locally on our devices. If we use email services, our email records are possibly maintained on the internet by our email service providers. Email is a high risk service as we often attach key documents to emails and these documents may contain personal and financial information.

The same is true for all other web-service applications. If we use online services for social media, documents, notes, and other purposes we are placing our information and data onto systems that are hosted and managed by third parties. Using services that offers us “online storage of documents” means that our key content is now under someone else’s control.

We need to understand what the privacy and security management policies of our service providers are, and what processes they have in place to protect our information. When we accept the terms and conditions of use, we often give service providers the right to access, and even share our information. We also give service providers the right to observe us, monitor our activities, track our habits, and build up profiles on ourselves.

We also need to understand what assurance is given regarding backups, and availability of access to our data. Do we have the ability to take our data off the platforms and remove all records? Do we maintain ownership of all our data, or do we transfer ownership by using service provider systems?

Check whether information stored by the service providers is stored in an encrypted format or not. You do not want unauthorised access to your information.