Data loss and risk statement – A top priority in 2008
Introduction
The loss of a laptop holding the medical records of 5,000 people was one of a trickle of privacy violations in the new year. Public sector incidents in the United Kingdom have left over 37 million people with lost or stolen personal information.
The leak of 25 million child benefit records by HMRC in November last year was the world's 5th most reported data loss. With incidents at the DVLA, the Department of Defence, the NHS and U.S. government agencies, it seemed that data security was a public sector problem.
But private companies also grabbed headlines in 2007, called “the worst year for data protection” by the Registry Internet site. TK Maxx lost more than 5 million UK credit card records, Monster.com had the details of 3 million customers stolen, the private data of 250,000 loans.co.uk customers was sold, and Leeds Building Society lost data on its entire workforce.
Business concerns
The loss of customer data is not the only concern in the private sector. A rising tide of mergers and acquisitions and a competitive market have made the protection of commercially sensitive information just as strong a concern.
Directors-general and senior officials are now taking steps to review policies and implement procedures for sensitive data, and to assess the risk of their organizations losing private or commercially sensitive data. High-risk industries include retail, financial services, utilities and professional services.
Guidelines and standards
Protecting the privacy of customers and the company is not only an economic matter, but also the subject of industry, government and EU regulations. According to security consultancy VigiTrust, laws such as the EU Directive on Data Protection and compliance with U.S. rules have brought information security measures to board level.
It would be a mistake for United Kingdom and European organizations to ignore United States law in this area, as it can be binding on companies dealing with U.S. consumers. Regulations such as California Senate Bill 1386 apply to “a person or business that conducts business in California,” even if they are outside the U.S.
Many organizations are pursuing ISO 27001 certification, the Information Security Standard (formerly BS7799). Major retailers are looking to comply with the Payment Card Industry (PCI) standard, pioneered jointly by Visa and MasterCard to fight identity theft.
The public sector has responded to its “annus horribilis” by relying on data encryption on all laptops, but also through the dissemination of information governance standards on data protection across the public sector and practical help such as the “governance disclosure” toolbox.
A producer of risk mitigation software, the Irish company best known for recording and reporting on illicit image abuse, has conducted “discovery audits” for unprotected sensitive data on business networks since 2007. Its auditors have found unprotected data on more than 36% of all IT resources scanned: 46% of PCs, 32% of email accounts and 30% of file servers. In all cases, a document must contain at least 20 instances of suspected private data before it is flagged as “suspect”.
Risk assessment – Where do I start?
Best practice begins with an assessment of actual data breaches, or with recognizing the existence of “data at risk.” To help businesses increase the transparency of risk, the Irish company offers a free “Discovery Audit” to identify and report the presence of sensitive data at rest.
The Irish company's data privacy auditor software scans for sensitive data such as credit card numbers, bank accounts, national insurance numbers, keys, etc. held in the clear in e-mail, desktops, laptops and file servers. On request, the Irish company's data auditor can delete or encrypt the data for the client.
During this engagement, the organization can designate specific sensitive data or documents that should be stored on its network, such as commercially sensitive financial information. A full report and appropriate recommendations are provided.
With public attention on risk and compliance in the handling of sensitive data, early risk assessment is now also the main starting point for protecting the interests of taxpayers, consumers, businesses and citizens.