Responsibility for the security of data stored in databases from different perspectives, for example, the developer, the user and the management of an organization


Different people have different responsibilities depending on their position, they all have certain policies that have to be followed in making sure that the information will not be leaked and therefore no misuse the data they have. The developer, the management of an organization and the user all have access to data but all in different ways and up to certain limits. The developer has access to all the data because they need it to program the database. The management of the whole organization has access to all the data as they are in charge of everything, and may need to look up information. However the users do not have access to all the data, some users may have access to more data than others depending on their position in the organization.

An example is School A: It runs on an intranet and databases are a major part of it.


A developer in School A is the person programming all the databases; Mr. X does that in this school. He programs all the databases in school, therefore naturally has access to all the data available in school, including records of everyone. He has certain policies he has to follow though even though he has access to all the data. He has to sign policies that make sure he doesn’t leak data out, and also not pass on data to other users in school such as teachers, who do not have authority to access that piece of information.

The management in School A would be Mr. Y, who has authority to access all the data stored in the database, however he has policies and rules to follow as well. He cannot give out data so easily to any member of staff unless they have the authority or permission to access it. He also can’t leak out data he has to outsiders, who may misuse the data against the school. The management also has to sign a policy about what data can or can’t be given to which user, and also about not leaking out the data to anyone.

In school the users would be the students and teachers. The staffs all have access to different pieces of data, not all of them have access to all the data, and they all have different authorizations on which data to access. Teachers and other staff members as well as students have to sign a policy about using the school server correctly, and teachers also have to sign a policy about not leaking out any data they have. For example, information such as student results or personal information about a student. Teachers cannot access some of the data from home as they have to be in on the school server to actually access the data.


Area of Impact 1--Politics and Government



Evidence of issue:

There are public records of when you vote in Britain and it shows where each voter lives and personal details. It provides a history in a database of everyplace you have ever lived in while you have stayed in that country. However now there is an option of not appearing in list that is publicly available and only appearing on the restricted list which only the authorities have access to. The credit agencies however think they should have access to the restricted version because if they only look at the public version not everyone’s records will be there which will lead to them not getting any credit.

Here the problem is that people do not want their information on a public database where everyone can view it and access it but if it goes on the restricted database then they do not get credits as those credit people do not have access to the restricted.
http://news.bbc.co.uk/2/hi/uk_news/6110866.stm


Other evidence of issue:

In the UK the National Crime Squad keeps a database where all the records of victims are kept. This is then accessible by law enforcement agencies all over the UK. However though if it is accessible by the nation in UK, the data stored may not be secured as many people around the UK are accessing it. Some may even have the rights to change the data and they may misuse the data and put in wrong records which would give wrong information to the agencies located elsewhere. The problem here is official workers at these departments are misusing their rights by changing their data for their own various reasons which may be against the policy they signed.
http://news.bbc.co.uk/2/hi/uk_news/1168109.stm


Area of Impact 2--Health



Evidence of issue:

In Britain the government is in the middle of a massive IT project to unite the NHS's various computer systems. One of the developments is the bringing together of patient records on a national database. The access to all the database records regarding the patience is fully restricted to authorized users only. However it is going on a national base and the system could be vulnerable to hackers more as it is on a national base.
http://news.bbc.co.uk/2/hi/uk_news/6110866.stm


Other evidence of issue:

Doctors in England are concerned over the e-records of patients and having them online. They are concerned with the security of data and the accessing rights over the patient’s records. The NHS agency company is going to put up a database with all the records and medical details of every patient registered at the hospitals. All the records will only be accessible by the NHS staff across the country. However the main concern is that there are risks of the passwords getting shared as they may misuse the right they have on the access to the database filled with all the medical details of the patients. Screens may be left on in open view and anyone can go through the data or even change it and the person who left it on may not know. So without having the right they are going through the data which is misusing policies they may have signed with the company.
http://news.bbc.co.uk/2/hi/health/5177662.stm



Overall Analysis

Overall both the area of impacts politics and government and health play an important role in the issue. They both store large databases which only some people have the right to access to and if information or passwords are leaked then it can be a serious issue. In the area of impact of health it may be an issue to the hospitals who keep medical records of each patient. When it comes to politics and government it keeps many databases concerning many different departments. Around the country many have access to one database increasing the risk of data being passed on and data being misused or even changed without anyone realizing.

From the evidence on both my area of impacts I can say that for all of them they are concerned with the security of the data. Also they are concerned with the fact on who has the right to access certain databases like the e-records and the database with all the records of criminals. The similarity is the issue of whether by giving certain people access to databases if it is secured or not. Also whether by more people having access to them does it mean that information or the password may be shared which could be misused and invading an individual’s privacy. All the four examples have different databases and situations’ concerning the issue but it comes down to who have what rights and whether they misuse those rights and if it the database is secured if certain people have access to it.


Evaluation


The issue stated above is a global issue because it can happen anywhere and it may happen between databases that may have records linked with more than one country depending on what type of records it contains. The issue can be a long term as data that may be confidential and if it leaks it may cause problems to the people who were not supposed to leak the data and perhaps the company or the person whose details are in the data.

It may have a huge impact on many people or it may only have just an impact on a few people but that depends on the data and what type of a database it is. Depends on who misuses the right of having access to the information and who will suffer from the data being leaked out. If it is sale records between a few companies and that is leaked out by the accountant of one company then that will risk the profit of all the other companies by their competitors which will not benefit many people.

An area of impact that may be affected most would be health as in medical records stored on the computer and details of a patient’s medical history. If some details about a patient’s health are not secured and other people who do have the right have access to they may misuse those details and information may spread to other people. The record will not be secured and details will be out to people who do not have access to that information. Next impact would be of politics and government. Here all records are stored with different agencies like about crime investigation or like databases of voting records are also kept of the public. If many agencies like for example the crime agencies who keep track of all criminal records, if those databases can be accessed around the whole country then many people will be having the password to access and data can be changed or misused giving other agencies the wrong information. Both play an important role in the issue in different ways.


Bibliography

Doctors concerned over e-records [Online] / auth. BBC BBC News. - July 13, 2006. - October 9, 2007. - http://news.bbc.co.uk/2/hi/health/5177662.stm.
How we are being watched [Online] / auth. BBC News
BBC. - Novemeber 3, 2006. - October 6, 2007. - http://news.bbc.co.uk/2/hi/uk_news/6110866.stm.
Porn ring 'was real child abuse' [Online] / auth. BBC // BBC News. - February 13, 2001. - October 6, 2007. - http://news.bbc.co.uk/2/hi/uk_news/1168109.stm.