This white paper explains the steps you need to consider when developing your privacy strategy and implementing your first data privacy project. Find out how you can help your organization implement best practices in privacy protection and make your privacy project successful from start to finish.
Enterprise Data Management SolutionsSeptember 2008
IBM Information Management software
Data privacy best practices:
time to take action!Data privacy best practices: time to take action!Page 2
Executive summaryContents In a technology-driven world, data breaches are not only common, they can also be costly. Privacy violation statistics indicate that the number of incidences and costs associated with data breaches are increasing steadily, proving that organizations 2 Executive summary across industries need to take a more pragmatic approach for protecting information, 3 Why is it important to protect especially in highly vulnerable non-production (development, testing and training) privacy? Understand the facts. environments. Data in non-production can be more susceptible to a breach when 3 What areas are most vulnerable? it is used in development and testing activities, accessed by mobile employees or Understand the risks. outsourced. 4 Considerations for planning a data privacy project In the midst of unprecedented security breaches, the best way to ensure that 13 Additional points to consider confidential information remains protected is to develop and implement a 13 Optim implementation - comprehensive privacy and security strategy. Once organizations realize that a user's perspective protecting privacy is no longer optional, most ask, "Where do we start?", "What are the requirements?" and "What steps should our organization take to implement an enterprise data privacy and security strategy?"
This white paper explains the steps you need to consider when developing your privacy strategy and implementing your first data privacy project. Using proven data masking techniques, such as those provided in the IBM® OptimT Data Privacy Solution, can help your organization implement best practices in privacy protection and make your privacy project successful from start to finish. Lastly, learn how a large retail company implemented Optim to develop a best practice strategy and a successful privacy project, overcoming many of the challenges that occur when implementing a privacy project on an enterprise scale.Data privacy best practices: time to take action!Page 3
Why is it important to protect privacy? Understand the facts.With hackers on the loose and identity theft on the rise, data privacy breaches are impacting our personal and business lives in ways we never dreamed of before. The proof is in the numbers. According to the Privacy Rights Clearing House, since January 2005 in the U.S. alone, the total number of records containing sensitive 1personal information involved in security breaches was 230,441,730. This number is increasing daily.
In this technology age, much of the confidential information that is targeted for theft resides in the business applications and computer systems that drive enterprise business initiatives. Without appropriate measures in place to protect privacy and prevent the severity of a breach, the next company affected could be yours.
Data privacy begins with protecting different types of sensitive application data, no matter where it resides across your organization, in both production and non-production (development testing, and training) environments. However, companies are realizing that the methods for protecting privacy in production environments may not be practical or appropriate for managing data in non-production environments.
What areas are most vulnerable? Understand the risks.The methods for protecting privacy in production versus non-production environments should be different. For example, most production environments have established security and access restrictions to protect against data breaches. Standard security measures can be applied at the network, application and database levels. Physical entry access controls can be extended by implementing multi-factor authentication schemes, such as key tokens or even biometrics. However, these Data privacy best practices: time to take action!Page 4
protective measures cannot simply be replicated across every environment. The methods that protect data in production may not meet the unique requirements for protecting non-production environments, where developers, testers and trainers need more access to realistic data, not less.
A 2007 survey, conducted by the Ponemon Institute and Compuware, showed that an overwhelming number of organizations use liv... [download for more]
