Jon Udell on Silly Privacy Screwups

InfoWorld’s Jon Udell writes about the silly security holes that can exist when people obsess about forms and internal data security and don’t take a step back to look at a system as a whole.

In the example he writes about, Udell is able to gather a lot of information about people who go to the same YMCA he does because the ID bar code scanner displays the account record of the last person who used it. He describes being able to tell his wife the name, age, etc. of the woman who just went out the door of the YMCA before him.

I had something similar to that happen when I took my grandmother to the doctor several months ago. The front office had a typical U-shaped desk. When you were done seeing the doctor, signs directed you to one side of the desk to make a follow-up appointment. There were several people waiting to make appointments, so there was a small line starting at the front of the U-shaped desk and extending backwards toward the examination rooms.

Which meant I had a clear view of the receptionist’s 20″ monitor and knew that the woman at the front of the line had been there to see the doctor about her breast cancer. So much for HIPAA!

Source:

Sidestepping the analog hole. Jon Udell, InfoWorld, March 1, 2006.