LinkedIn’s No-CSO and my Personal Data.
The one thing that kept me thinking on a flight the other day was the latest new about LinkedIn’s 6.5 million password breach, and the followup lawsuit against it for violating its own privacy user agreement ensuring the security of one’s identity. and not specifically the story itself, but some of the aftermath that came out of LinkedIn afterwards.
LinkedIn have admitted to have no individual holding a CSO/CISO title and managing security for what is currently the biggest online social network for work relationships and job hunting. This was quite a shock to me, since I really thought that any organization of such size ( in terms of consumers and customers ) will have someone officially taking care of the security role.
This creates an interesting gap, since LinkedIn is not regulated ( no current regulation for social networking, and perhaps something should be there to protect personal information ) but it means that when a hack like this happens, who do you blame ? who takes the fall ? or in other words … if data i hold as an employer is breached, who is responsible ?
Now, i’m pretty sure that due to the publication of that fact, LinkedIn will resolve this soon enough, or at least they should. but it does make you think – where else did I put personal data online , and how is it protected if at all. are techies in charge of making my data safe ? or is there someone that actually holds that responsibility.
I encourage each and every one of you, who wish to put their data online, to make sure or at least check if those sites/companies are properly secured… hell… check in LinkedIn if they have a CSO