Several days have passed since the event that caused the encryption of the health data of the Lazio Region and questions flood with insistence. Can what happened to that region also happen to other public administrations? Have the right precautions been taken? What data was breached? What will the remedies be? And above all: What really happened?
In a recent interview with the employee, whose computer would be the gateway to the data breach program, the employee calmly states that he used his computer at 3 am to connect to the office databases, adding that “in smart working, data vulnerability is certainly wider.
Certainly, even if he will not be recognized as responsible, the naturalness with which that employee, probably an executive, claims to be aware that access from his home would have exposed the databases to risk is surprising, but this has not prevented him from doing so. And this is not just any information, but (as far as we know) relating to the health data of one of the most populous regions of our country, which could be accessed using the so-called “smart working” mode, suddenly widespread in our country, with great lightness and superficiality, which even after the end of the restrictions, remains used by those who prefer to work comfortably from home or from other workstations and in the most comfortable hours.
This lightness and even the inattention to the ways of performing work were understandable at the moment of the first emergency in which, in order to safeguard the health of the employees, it was decided to allow them not to go to the workplace and use the means at their disposal. , even without the necessary precautions. But in this moment when collective life has started to run fully again, the restrictions have dropped and it is possible to get in touch with anyone, at the bar, restaurant, supermarket, etc., it is surprising that there is still someone who feels in right to adopt that way of working with the same lightness.
And it is not a question of attributing any blame to the individual employee, who is already ready to give interviews and probably close to attending talk shows, but of highlighting the serious superficiality, to the point of verging on cheerful management, of those who administer our levels of government, even the most delicate ones, such as health care ones, to whom we confidently entrust our most confidential information.
We have no doubts that the affair, although serious, will be resolved “politically”. The President of the Region himself has already stated that there has been no violation, as if this decision belonged to him and not to those of the Authority in charge of the protection of personal data. And it is likely that no sanctions will be applied, except for some poor unwitting employee.
The question, however, clearly highlights the consequences that derive from the presumption of wanting to run towards the highest peaks of innovation, without any interest in the consolidation of the basic principles of the organization, because it fascinates innovation more than “putting order”.
Certainly there will be projects, already financed with millions, for the activation of diabolical automatisms capable of activating super modern procedures. However, there are no investments to organize the archives, equip them with protection systems, guarantee their conservation and protect them from possible intrusions.
And with a view to “smart working”, which has very little of smart and sometimes has little even working, possessed by a passion for the “new” and “more practical”, initiatives are launched to expand access to the networks without due attention.
From the news we have learned that our health data are accessible to those who have the skills to do so, that the body that holds them does not have the habit of keeping a copy in a safe place, that an employee, on sleepless nights, from his own home, can connect and freely access all that “sensitive” information.
It is to be hoped that it does so away from prying eyes and in compliance with safety conditions and that certain levities are not widespread. But above all it is to be hoped that, once the emergency that subverted priorities has ceased, it will be understood that the recognition of the rights of public workers to work when, where and if they want cannot jeopardize the safety of citizens. and more confidential information about their life or health conditions.
Working like this may be called “smart”, but it is not at all.