Data? What Data?

Theft of five notebook  PCs on a

single day from the parking lot of Delhi based Nehru Place, India's one of the

biggest IT products and components sales hub did not make news in the mainstream

newspapers. There are much bigger crimes happening in the city. However, the

news item reminded me of a similar experience my friend had, and the pain that

followed. The news clearly indicated that police were dilly-dallying in

registering an FIR about the crime.

In fact, I am aware of another case that happened a few weeks back, where the

head of sales of a leading oil company lost his notebook from the hotel. He was

unable to file an FIR, and back in his office, his CIO could not do much but

give him a new notebook. The entire database of his retailers, company's

quarter-wise retail sales plans, incentive schemes and policies for fields sales

personnel as well as retailers, confidential letters with his suppliers on

pricing were lost. He was sure that it was a hotel employee who had stolen the

notebook, and with quick action the notebook would have surely been recovered.

He had back-ups, but he kept praying to God that the data doesnot land up in the

wrong hands.

About two years ago, my friend was driving home after work, and took a brief

stop at a market to pick up some stuff. He was back to his car within a few

minutes, and found that his car had been broken into and the notebook was

missing. He straightaway went to the nearest police station to register an FIR.

The policeman on duty refused. My friend tried in vain to tell him that more

than the machine, the information on it was much more valuable. Therefore it was

important that some action must be taken to try and recover the laptop. There

was no way he could convince the policeman. It was only the next day evening

that very grudgingly the police registered a complaint, and not an FIR.

To his dismay my dear friend also discovered that back in office neither the

admin manager nor the CIO knew much about insurance of laptops. They both were

under this vague impression that insurance for laptops is a very cumbersome

process and most insurance companies do not insure notebooks. And whoever does,

the premium is very high. Not worth the hassle, was their response.

Nothing much has changed, really, in the last three years. Despite so much

that is said to be happening about IT security and eGovernance, the ground

reality is a little different. I think, whether it is the policeman or the CIO,

the value of data and information is still not very high. All the articles in

the newspapers and magazines, and the conferences and workshops on the

criticality of information security are yet to make an impact.

Industry associations are taking up causes of duty rates, manufacturing

policies, and piracy. It is high time they also tried to exert influence on some

of these problems. NASSCOM and MAIT should make representations to the home

ministry that a notebook theft case must be registered within a fixed maximum

time. These industry associations must come out with awareness programs for the

CIOs encouraging them to have strong security and insurance policies, especially

as usage of mobile and portable gadgets goes up. It is important that CIOs run a

crash course for their internal users on the “Do's and Don't's” for

portable gadget users. Industry associations can also attempt to involve

insurance companies-themselves, one of the biggest users of IT-and make them

see value in insuring laptops.

It is understandable if in remote towns policemen do not understand and

respond to such theft cases. But what is appalling is that all the instances

mentioned above took place in Delhi, Bangalore and Gurgaon-the shining

examples of Indian IT. The industry, the users as well as the Government need to

address this on a priority basis.