Move Over Big Brother, Sister ELENA Is Here
Rik Ferguson, 07/01/2010, posted in "Analysis"
As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions, law enforcement organizations. Recognized as an industry ...more info
As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions, law enforcement organizations. Recognized as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over fifteen years experience in the IT Industry with companies such as EDS, McAfee and Xerox Rik’s broad experience enables him to have a clear insight into the challenges and issues facings businesses today. ...less info
On the 1st of January this year German employers became subject to a new legal requirement, one that has their own Data Protection Authorities, Trade Unions and Civil Rights groups appalled.
From the beginning of 2010 every German employer must now submit detailed information on a monthly basis to the so-called ELENA database, ELENA is an acronym for Eleketronischer Entgeltnachweis which loosely translates to Electronic Payslip. This sounds innocent enough until you consider exactly what information employers are obliged to provide.
The information will cover every worker’s salary, all absenteeism and their participation in strike action whether legal or illegal. This data is to be submitted to a central hub and from 2012 it will be used to determine whether to pay out or refuse social benefits. Plans are in place to relieve employers of the necessity of printing paper-based pay statements for their employees and instead issuing each worker with a plastic “jobcard” again by 2012. This card would then need to be produced should the holder ever need to apply for benefits allowing for data retrieval to determine eligibility.
Peter Schaar, the German Information Commissioner is reported as saying
“I’ve got a big problem with this. Until now, such information on salary declarations has not appeared, and their general storage in a central file is not legally nor constitutionally allowed.”
My own (German) wife’s reaction to this news was more succinct “I thought these people had agreed that the Stasi was a bad thing?”. The German blogs I could find seemed to be equally opposed to the idea.
For now though, the legislation has entered into force and the reporting has begun. We can only hope that appropriate measures have been taken to store the data in a secure location, using appropriate encryption, that the data entry and retrieval mechanisms are protected with strong encryption and multi-factor authentication and that the appropriate organisational policies and procedures have been put in place to protect this highly sensitive data.
It is an absolute certainty that a centralised data repository of this size and significance will attract the hacking and cracking attentions of criminals, script-kiddies and “hobbyists” alike.
Subscribe via RSS or via email
