ITP Techblog

Brought to you by IT Professionals NZ

Sloppy IT is sloppy: we can do better

Ray Delany, Designertech CEO. 19 August 2015, 12:09 pm

I'm a big believer that things get better with time. Anyone who has had a bereavement, a major trauma or a health scare of any kind knows this well. So I believe that for all of the mistakes and occasional disasters that we hear so much about, the IT sector is generally making things better all round.

But every now and then something happens that shakes that belief, and I had two in quick succession last week.

The first occurred when I reinstalled a standard software component following a rebuild of my desktop PC. I got the password wrong and so I looked for the "forgot password" link.

Now I'm VERY careful with passwords. I have a dozen or so accounts for which I schedule a password change every 90 days and I use a series of memorized strings of meaningless letters and numbers that are never written down, even in a password-secured password keeper. I also have dozens more non-sensitive accounts which don't have regular password changes, but nonetheless the same rules apply, nothing written down. Ever. Anywhere.

So imagine how happy I was to receive an email a second or two after hitting the "forgot password" link that showed me (and the support tech helping me) my password in plain text! My tech who is new to our team might have been a bit taken aback by the stream of vitriol that poured out of my mouth at that instant, but I was appalled. This isn't just a mistake, it's outright negligence on the part of a company that should know better. And we're not talking about a small outfit. This company claims to be the leading provider of this kind of software in the world and is widely installed in many much larger organisations than ours. You should be ashamed fellas, and I'm darned tempted to shame you publicly.

The second event I read about in the NZ Herald made me even more angry. Some cretin (and I'm sorry but I don't think that's being unfair) reportedly sent an email survey asking how counseling services could be improved to a large number of students who had recently used those services. I'm sure that all of the recipients would have agreed that the first improvement they could make would be to not reveal all of their email addresses which in many cases also revealed their names.

Seriously? I could maybe have forgiven that 20 years ago when email was new to everyone, but in 2015? When so many of these events have been widely reported? No. I'm sorry, this is beyond negligence. This is criminal stupidity. Not just by one person either. We've written before about how this kind of thing can be prevented. The organisation has to take some responsibility. Never mind that email surveys per se are a stupid idea, there are way more efficient options with fewer risks to privacy.

I hope that all of the people (presumably some of our most vulnerable) who have been publicly embarrassed by this get the opportunity to drive that lesson home in a way that will really be felt, because it's way overdue. Heck I'll even help them out for free.

Rant over.

Ray Delany is past president of IITP, and CEO of Auckland-based IT consultancy Designertech


Comments


Clark Thomborson 19 August 2015, 12:55 pm

I hope you reported the plaintext offenders to plaintextoffenders.com/about/!

Michael Whitehead 19 August 2015, 2:06 pm

Hi Ray,

Actually the use of cretin is unfair, it could have been forgiven 20 years ago but is considered derogatory today.

Cheers,

Michael

