Today was a tough day, but one that drove home an important object lesson.
A mistake made by a third-party service company that manages some of Computerworld's research projects created the potential for some company data, supplied by participants in one of our surveys, to be exposed to other survey participants for a short period of time.
Potentially affected was company-survey data for Computerworld's 2008 Best Places to Work in IT, one of our best annual projects and cover stories. The likelihood was very low that this issue led to any significant exposure of data. What's more, the consensus among the survey participants I've corresponded with is they don't consider the data in question to be highly confidential. And, of course, all our survey data has been completely secured.
But this isn't a thing to stick your head in the sand about, make assumptions about, or attempt to rationalize. The only correct course of action is to transparently communicate to all potentially affected parties. And that's precisely what Computerworld did.
What that meant for this publication's editor-in-chief today was a great deal of manual copy-and-paste work in sending out more than 100 e-mail messages, one by one, to all Best Places survey participating companies telling them what we know about what occurred.
The object lesson comes from the school-of-hard-knocks knowledge that no matter how much you work to secure electronic data, there's always a weak link somewhere. There's no such thing as perfect protection. For us the weak link was an outside service company, a subcontractor. But it might have been anywhere.
Writing about an issue like this as I've done in past is not the same as seeing one unfold right in front of me. My eyes are now wide open, and I am doubly imbued with security conviction.