We have long heard about how confidential data can be at risk. Now, a new U.S. survey by the Ponemon Institute drives home the point with hard data. An astonishing 81 percent of companies and governmental entities report having lost or misplaced one or more laptops containing confidential business information within the last 12 months.
The survey, sponsored by data-protection specialist Vontu and aptly titled "Confidential Data at Risk," concludes that a main reason for corporate data security breaches is that many companies simply don't know where their sensitive or confidential business information resides. The survey goes on to summarize that "this lack of knowledge coupled with insufficient controls over data stores" poses "a serious threat to both business and governmental organizations."
The corporate and governmental respondents generally agreed that electronic storage devices contain sensitive or confidential information that is unprotected, with 60 percent stating this to be the case for PDAs and other mobile devices, 59 percent for laptops, 53 percent for USB flash drives, 36 percent for desktops, and 35 percent for shared-file servers.
What's disturbing is that when asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server or mobile device, the most common answer was "never."
Unfortunately, it turns out this is not entirely surprising, given that 64 percent of respondents concede that their companies never have conducted a data inventory to determine the location of customer or employee information contained in various data stores.
Along these lines, 49 percent of respondents admit that business-related confidential information never has been inventoried as part of usual information technology control processes, and 48 percent state the same with respect to organizational intellectual property.
Wake up, America--this is unacceptable.
All prudent steps must be taken to account for and protect confidential data. The failure to take such steps can compromise the privacy of innocent employees and customers. What's more, it can jeopardize valued business relationships and lead to an organization's crown jewels--its intellectual property--walking out the door. Above all, there's the danger of legal liability.
Let's hope the next time such a survey is conducted, the results will be much improved. But it will take the dedicated efforts of U.S. companies and governmental organizations.
Biography: Eric J. Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual-property disputes. To receive his weekly columns, send an e-mail to ejsinrod@duanemorris.com with "Subscribe" in the subject line. This column is prepared and published for informational purposes only, and it should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.
There is a reason that "Information Security Management Systems (ISMS)", more specifically the ISO 27000 Series (including ISO/IEC 27001 (revised BS 7799 Part 2) and ISO/IEC 17799), was created: to prevent such loss of data. If everybody followed these standards... there would be less confidential data stolen. The only problem is that these very well-thought-out specifications aren't followed by many... including governments and major businesses around the world.
Why CEOs don't insist their companies follow these standards can only be answered by the CEOs themselves.
Walt