Proverbially at least, elephants never forget. Neither does the Internet.
Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.
A recent article on the Equifax hack suggested that apart from violating the principle of keeping other people’s data confidential, the Equifax breach may not have done much real damage after all.
The contention is that the personal data was already available, from other organisations on the web, to anyone willing to pay for it. Is that true, and if so, what can enterprises and individuals do about it?
If the internet is so transparent, the first rule about data must be the same as the one for gambling and stock market investments: never put up more than you can afford to lose.
The second rule is to ensure you have the level of control you need over any data you choose to send to the cloud or other parts of the internet. Encryption is a common precaution.
The encrypted data may still find its way out into the virtual universe, but at least nobody will be able to make any sense of it, assuming you are using suitably strong encryption.
The challenges often come from the situations where personal and professional data overlap or get confused. Social media accounts are one example.
Between internal social networks, external professional networks such as LinkedIn, and external personal networks such as Facebook and Twitter, user IDs and passwords are reused, and profiles can often be easily hacked and replicated.
Social engineers know that this overlap opens up many ways to leapfrog from personal to enterprise accounts, or to fool employees into divulging confidential information.
Making users aware of the elephantine memory of the internet should be a priority, with the message that once data is out there, it should be considered automatically visible to anyone who wants to see it.