“Need to know” is a bedrock tenet of information security. You only get to see it if you need to see it. The reasoning is that the fewer people who know the details, the lower the risk that information will be compromised by reaching the competition. Another term used among professionals is the “principle of least privilege,” borrowed from the notion in computer science that a user account should be given only that level of privilege that is absolutely necessary to its operation within the system, making failures less likely. By whatever name, the principle increases control by limiting access. The idea that any one person in an organization probably doesn’t need to know much is rooted in the industrial revolution. When we moved from the age of craftsmen who made an entire product to the assembly line, the worker mounting the wheel didn’t have to know anything about the rest of the car…. Keeping secrets has long been viewed through the same lens: compartmentalization helps keep things under control. But interestingly, it doesn’t always make things more efficient or productive.
Recent Posts
- Other Barks & Bites for Friday, July 26: New Group Registration for Frequently Updated News Websites, Trade Secret Claims Against TikTok Survive Dismissal, and USPTO’s Estoppel Provisions in IPR Proceedings Upheld
- Call Off Chicken Little: The Sky is Not Falling for Skinny Labeling After GSK v. Teva
- CAFC Committee Recommends Another Year of Sanctions Against Newman
- Massie Tells House IP Subcommittee Witnesses He’s ‘Appalled’ By Proposals to Rein in ITC’s Patent Powers
- CAFC Invalidates Remaining Claim on Data Transmission Patent, Remands Substitute Claims for Collateral Estoppel Determination