“The vessel was sold in a state in which information regarding operational patterns of the patrol vessel could have been obtained by some party,” an official told the paper. “We were on low security alert at that time.” That is certainly not the case these days, with heightened tensions on the Korean peninsula and the Japanese coast guard regularly involved in patrols around the disputed Diaoyu (Senkaku) islands.
Like hardware, data has a lifecycle. Eventually you will need to dispose of the data and/or the device that stores/processes/transmits it (and these days, all the cloudy services connecting to it…). Embedded systems, from ship navigation system to “quantified self” device such as Fitbit, should be included in data lifecycle analyses when relevant, and treated as appropriate for the sensitivity of the data that could be extracted. As this story shows, sensitivity of data or business processes is not static and changes with political tensions – among other factors:
It is important to periodically re-assess policies on information disposal and how sensitive information may be hiding in the nooks and crannies of devices you thought were harmless at the time.
…the Coast Guard admitted that there were no policies in place to remove data recording equipment or wipe data before selling decommissioned vessels, meaning the same thing could have happened on other occasions.