Following a historically challenging year for the data protection community, the Online Trust Alliance (OTA) has drafted a series of guidelines to ensure that organizations are better prepared to prevent and respond to data breaches.
The OTA’s 2012 Data Protection & Breach Readiness Guide will be unveiled at a panel discussion held in honor of Data Privacy Day. The draft is expected to answer pressing data security questions that continue to linger in IT departments across industries and offer a range of best practices to limit risk and respond effectively in the face of dangers.
“Last year more than 125 million people were affected by data loss incidents. Combined with the increased awareness for these high visibility incidents and aggressive data collection and sharing practices, consumers’ trust and online confidence is under attack,” noted OTA executive director Craig Spiezle.
These assertions are by no means an exaggeration. According to OTA analysts, more than 550 data breaches were reported in 2011 – though the actual figure could be much larger. Report authors asserted that approximately 96 percent of such incidents could have been avoided if the recommendations outlined in the OTA guide had been followed.
The release also provides compelling impetus for action by quantifying the economic effects experienced by victimized IT departments. According to the OTA, the average cost incurred by businesses suffering a breach last year was $7.2 million, or $318 per compromised record. An average of 600 man-hours was also needed to restore systems to safe and efficient operation.
To put the events of 2011 in perspective, Ponemon Institute researchers have quoted the average per-record cost of a data breach to be $214, $204, and $202, respectively, over the previous three years. This marked increase in the scope and severity of incidents in the past 12 months would suggest that IT departments are in critical need of revised data security protocols.
“Businesses need to look holistically at data privacy and ask: ‘What is the compelling business reason to keep customer data?’ When you have a data incident, the more data you have stored – and compromised – the more damaging it can be for both the individual and the company,” explained Chicagoland Chamber of Commerce executive John Robertson. “The OTA guide gives key insights into questions that companies need to ask themselves to protect their customers and delivers information for any business developing, implementing or updating their privacy policies and notices.”
To help in the planning process, OTA report authors have included a sample data loss plan outline as well as external links to a variety of protocols that are being applied in the field. There is also an extended discussion of information retention policies, including data minimization and destruction techniques, that have grown in importance with the advent of big data.
Another particularly valuable inclusion in the OTA report is a section for businesses serving international clientele and navigating a variety of data protection frameworks. With the European Union aggressively pursuing reformed privacy standards – and encouraging the United States to follow its lead – data compliance has become a complex and dynamic issue. The fact that a number of prominent American companies are now outsourcing their data center operations has only heightened the importance of these considerations.
Finally, the report provides concrete recommendations for organizations to approach information security issues from a more data-centric perspective. Because the guide offers advice on the basics of computer forensics and data encryption, companies that absorb the OTA’s recommendations may be better prepared to lock down their information regardless of which channels it travels through.
Data Security News from SimplySecurity.com by Trend Micro