Data Breaches:
Data Security Regulations on the Rise: Data Breaches
A recent study by Jupiter Research revealed that, after virus infection and the unintended forwarding of emails, loss of mobile devices and password compromise are the greatest causes of data security breaches. Numerous federal, state and international laws and regulations govern the protection of private, personal and confidential data held by corporations, and these regulations make no distinction based on where the data is located: confidential data can be stored in the relative safety of a mainframe computer, or it can reside on desktop PCs or on mobile devices such as laptop PCs. For example, Section 2 of California's Database Security Breach Notification Act (effective July 1, 2003) added Section 1798.29 to the Civil Code, which provides that:
"Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person."
Why Protect Confidential Data From Breaches?
The enterprise faces potentially dire costs and consequences should unprotected consumer data be breached. The Ponemon Institute [2] conducted a study examining the costs incurred by 14 companies, from 11 different industry sectors, that experienced a data breach; the breaches included in the survey ranged from 1,500 records to 900,000 records.
Ponemon Institute Data Breach Cost Analysis
Note that had these corporations' data security policies covered the lost data (for example, by requiring that it be encrypted, since the California statute quoted above applies to unencrypted personal information), they might have avoided the costly public disclosure of the loss.
Since many of the new laws have already gone into effect, corporations need to put systems, policies and procedures in place quickly to protect client and customer information. Notably, most of the new laws and regulations require some form of encryption and user authentication on mobile devices in order to provide some measure of data protection and insurance against the exposure of private customer or consumer data. However, although encryption is a necessary security tool, it is by no means a complete data protection solution; encryption is only the first line of defense.
The purpose of this White Paper is to assist Iron Mountain customers and technical support personnel in understanding personal computer (PC) encryption technology (specifically Microsoft Windows encryption technology) and where encryption fits in creating a total enterprise PC data breach protection solution, what Iron Mountain calls The Three Pillars of Data Protection:
1. Policy Management and Control for data security breaches
2. Threat Monitoring and Response for data breaches
3. Data Backup and Restoration for data security breaches