This small government office handles several IT systems that require higher than normal security, including medical records and law-enforcement information, says a pilot fish on the scene.
"To accommodate HIPAA and CLETS requirements as well as basic normal security, everyone in the office has a pass card to get in the building, and every PC auto-locks in an annoyingly short time," fish says.
"Additionally, only approved, certified staff is allowed in the office area.
"During an audit, it's pointed out to management that the custodial staff comes in after hours to clean, and they are not certified and screened like the computer folk. So the ruling comes down the food chain: PCs get encrypted and desks must be cleared every day. We all have to shred any papers instead of throwing them away.
"I read the latest decree and adjust my process to accommodate the latest requirements. But then I look where I store all my screen prints, samples, printouts and notes: a file cabinet with no locks.
"Locks are dirt cheap, and the cabinet already has a mounting hole for them, so I request one for my sensitive papers. (The bottom drawer where I keep my stash of Cup-o'-Noodles would also be protected.)
"Result: request denied.
"Apparently, if the papers are out of sight, that's good enough. No one would ever go looking in a filing cabinet for papers filled with personal medical and criminal data to steal. They'd only take them if the papers were left in plain sight."
Sharky files the personal details off of your true tale of IT life. So send me your story at email@example.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.
Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.