After 2011 was deemed the “Year of the Breach,” you would think data security and privacy would be top priorities for companies doing business online.
But still not enough is being done about online data protection, said Craig Spiezle, executive director and president of the Online Trust Alliance (OTA).
“It really comes down to the collection, use and, in many ways, the misuse of the data,” Spiezle said. “Today, with data a digital currency, businesses need to take a more holistic view of their data policies -- how they use it, how they protect it, how they share it.”
The OTA has released the 2012 Data Protection & Breach Readiness Guide. The guide encourages businesses to examine and learn best practices as part of their data protection strategies, with advice on how to determine how much data to collect, how long to keep it and even when to destroy it.
The OTA also provides guidelines on minimizing data collection, enhancing data protection and creating customer-centric incident response plans. Ignoring these steps opens up the possibility of a data breach that can have devastating consequences for a business, according to the OTA.
“If your business lacks an emergency plan, a natural disaster can turn into a business catastrophe,” said Katherine Hutt, spokesperson for the Council of Better Business Bureaus. “But a solid emergency plan can give you a lot of peace of mind and a greater sense of security.”
TRUSTe CEO Chris Babel said strong privacy practices are important to help companies protect customers’ data. This includes being prepared for the worst, and accepting the reality that despite all your precautions, a data breach incident can occur.
The OTA Data Breach Guide provides analysis and comprehensive strategy to help companies proactively and reactively address breaches, Babel said.
“It also recognizes the importance of having an incident plan in place before data breaches occur -- because of the impact that a data breach can have on a company’s brand and its relationships with customers,” Babel said.
Why data breach incidents are on the rise
There are several reasons for the recent increase in data vulnerability, Spiezle said. For one, cybercriminals have become sophisticated and precise by targeting specific companies. Organizations are also simply accumulating and relying on more data than ever before, increasing opportunities for a data breach.
Adding to these challenges is the increased use of outsourcing and cloud services. Businesses need to validate and monitor not only their own data protection strategies, but also their vendors’.
“Combined, it orchestrates this ‘perfect storm’ analogy that puts business data at risk,” Spiezle said.
These factors also increase the likelihood that the number and severity of breaches with resulting identity thefts will continue to grow in 2012. A well-designed plan is an essential part of regulatory compliance, demonstrating that a firm or organization is willing to take reasonable steps to protect data from abuse, Spiezle said.
The OTA guide contains best practices for securing customer data, with information on data governance and loss prevention, incident response plans and how to develop an in-house data breach prevention program, according to Babel.
“These best practices and recommendations are relevant to companies of all sizes -- a brick-and-mortar store that handles customer personal information will find this guide just as relevant as a large firm that processes personal data on a global scale,” Babel said.
These best practices help businesses develop data protection strategies that help minimize risk to consumers, business partners and stockholders, while increasing brand protection and the bottom line, said Spiezle. These efforts should include broader transparency and more detailed reporting requirements, from the leaders of the organization on down.
“It’s fundamentally important that data stewardship, privacy and security no longer become siloed,” Spiezle said. “It really needs to be across a company’s discipline.”