Information Protection Practices for Web Content Providers

Background

The news about data leakage happened around are mostly related to information put up on web. Most of the time, people are unaware of the risk until it happens. Therefore, it is necessary to draw up guidelines for Web content providers and webmasters in departments to raise their awareness on information protection. The followings are a list of actions needed.

Preventing Web Information from Cached by Search Engines

Sometimes, web publishers may wish to protect certain information from being cached by search engines even though the information may not be classified as sensitive. They can do so by means of META tags or through robot.txt. However, we should not trust that this will provide sensitive information since only some search engines honor them. The best way is to assess the information and classify them. Avoid putting it up to an unprotected page.

Reporting and Handling Information Breach for Cases Involving Sensitive Information Being Cached by Search Engines

When sensitive information has been accidentally leaked, they might have already been cached by various search engines such as Google, Yahoo, MSN etc. To remove them, we may take the following steps:

  1. Report to the university immediately (need a contact point and establish a flow for this).
  2. If the web content can be removed and the web content is managed by you, remove the involved page(s) from the Webserver. Request to the webmaster of a site for immediate removal of the involved contents.
  3. If the web content cannot be removed for some reason (i.e. just removing the involved information), then add the appropriate META tags to prevent further caching by the cache engine or enables the replacement of web content by the search engines.
  4. Do a search on major search engines to learn the extent of problem related to data being cached by search engines.
  5. Request the removal of cached information to various search engine providers.
  6. Check the status of the requests and verify their complete removal.
  7. Keep the university informed of the progress.
csc@cityu.edu.hk