How Safe is Your Data?

You have probably heard of the latest national computer scandal, where over 200,000 records were deleted from the Police National Computer (PNC). It highlights the same issues all businesses and organisations have regarding the safety of their data; this case is just on a national scale, in an area of public safety.

Apparently, a coding error (someone got the programming wrong) meant that since November records were being deleted that shouldn’t have been.

Now, they are working “at pace”, it seems, to recover the lost data.  This obviously depends on their back-up strategy.

But could the issue have been prevented in the first place with better testing?

Let’s look at back-ups first. If the problem goes back a couple of months, it sounds like a few thousand records were being deleted every day rather than one big loss. This means that you can’t simply restore a single back-up copy: the deletions are spread across every day’s data, and in the meantime lots of correct work was being done that a wholesale restore would overwrite. They’ll need to look at the back-ups individually to find each deleted record. Let’s hope it’s simply deleted records, because finding erroneous changes to records is much harder.

What’s your back-up strategy? Does your database enable you to log the changes (transactions) as well as taking a full copy every so often? How far back could you go? Depending on the frequency of your back-ups, what’s the worst-case data loss and how would you recover from that? When did you last successfully restore from a back-up?
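To make the recovery problem described above concrete, here is an added example (not code from the PNC or from any real system) that walks a series of daily back-ups to find the last known copy of every record missing from the live data, and separately lists records whose content changed between days. The snapshot format, the field names and the sample data are all constructed for illustration.

```python
from typing import Dict, List, Tuple

# Assumed format: one back-up per day, held as {record_id: record}.
Snapshot = Dict[str, dict]


def find_lost_records(backups: List[Tuple[str, Snapshot]], live: Snapshot):
    """Compare dated back-ups (oldest first) with each other and with live data.

    deleted: record_id -> (date of last back-up holding it, last known copy)
             for every record that is absent from the live data.
    changed: (date, record_id) pairs where content differs from the previous
             day's back-up. These need human review, because a change may be
             legitimate work or an erroneous update.
    """
    last_seen: Dict[str, Tuple[str, dict]] = {}
    changed: List[Tuple[str, str]] = []
    previous: Snapshot = {}
    for date, snapshot in backups:
        for rid, record in snapshot.items():
            if rid in previous and previous[rid] != record:
                changed.append((date, rid))
            last_seen[rid] = (date, record)
        previous = snapshot
    deleted = {rid: seen for rid, seen in last_seen.items() if rid not in live}
    return deleted, changed


def restore_deleted(live: Snapshot, deleted) -> Snapshot:
    """Re-insert deleted records without touching work done since the back-ups."""
    restored = dict(live)
    for rid, (_date, record) in deleted.items():
        restored.setdefault(rid, record)
    return restored


# Constructed sample: B vanishes after day 1, C is edited on day 2 and then
# vanishes, D and E are new records created while the fault was active.
BACKUPS = [
    ("day1", {"A": {"name": "a"}, "B": {"name": "b"}, "C": {"name": "c"}}),
    ("day2", {"A": {"name": "a"}, "C": {"name": "c2"}, "D": {"name": "d"}}),
    ("day3", {"A": {"name": "a"}, "D": {"name": "d"}}),
]
LIVE = {"A": {"name": "a"}, "D": {"name": "d"}, "E": {"name": "e"}}

if __name__ == "__main__":
    deleted, changed = find_lost_records(BACKUPS, LIVE)
    print("deleted:", deleted)
    print("changed:", changed)
    print("restored:", sorted(restore_deleted(LIVE, deleted)))
```

Every entry in `deleted` is only a candidate: records that were removed on purpose will appear there too, so the list has to be checked against whatever record of legitimate deletions exists before anything is restored.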

The other lesson here is about testing new systems. Regardless of how much testing you do, nothing can replicate thousands of live users all using the system in their own way. Every software company will plan to release patches after going live to address issues that reveal themselves in the real world. However, you need to make sure the system does what it says, correctly. Testing shouldn’t simply be a check that it performs according to specification; it should have the aim of breaking it. It takes resources, but someone should be tasked with “see if you can get it to go wrong.”

Finally, I’m going to put a plug in for training. Without appropriate training, users will work out for themselves how to use the system. That will lead to hundreds of different methods of doing things (the users just want to get their job done), which leads to unintended results as well as inconsistency, unreliability and inefficiency.

It’s all gone quiet since this story broke, and it may be that everything that could have reasonably been done to avoid this has been, but please consider the lessons for your business.