In support of Data Privacy, the OTA guide addresses emerging security and privacy threats, providing prescriptive guidance and questions every executive must ask
Seattle, Washington – January 25, 2011 – The Online Trust 
 Alliance (OTA) today announced the release of the 2011 Data Breach Incident 
 Readiness Guide, a comprehensive guide outlining key questions and 
 recommendations to help businesses in breach prevention and incident 
 management. In the wake of increasing levels of data breaches, accidental 
 data losses and incidents of users’ privacy being compromised, OTA has 
 expanded its annual report to address the emerging security and privacy 
 threats impacting businesses throughout the world.  
With the White House, members of Congress, Commerce 
 Department and the FTC calling for greater privacy controls and breach 
 notifications, the OTA guide represents a significant self-regulatory effort 
 to enhance data stewardship and consumer trust and ultimately the long-term 
 vitality of commerce. 
Washington State Attorney General Rob McKenna says: “We 
 live in a digital world where organizations must defend against data 
 breaches and be prepared to quickly mitigate additional harm should personal 
 information be compromised. We encourage businesses and agencies to consider 
 the resources provided by the Online Trust Alliance and other organizations 
 as they develop their own plans to protect sensitive data.”   
“In the past 5 years, over 525 million records containing 
 sensitive personal information have been compromised, significantly 
 undermining the foundation of consumer trust,” said Craig Spiezle, Executive 
 Director and President of the Online Trust Alliance.  “With the onslaught of 
 criminal and deceptive business activities, we are calling on business 
 leaders to develop a readiness plan.  Those failing to act may be faced with 
 increased public scrutiny, regulatory pressures and a tarnished brand 
 reputation.” 
According to the OTA’s 2011 Data Breach Incident 
 Readiness Guide, the true test for organizations and businesses should be 
 the ability to answer key questions such as: 
- Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
- Do you have an incident response team in place ready to respond 24/7?
- Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
- Have you completed an audit of all data collection activities, including cloud services, mobile devices and outsourced services?
- Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?
2010 Highlights

In 2010, over 400 incidents were reported, impacting over 26 million
 records at a cost to U.S. businesses of over $5.3 billion. Of these, 98%
 were a result of a server exploit; yet on analysis, 90% were avoidable if
 the recommendations outlined in the OTA report had been in place. OTA
 research and an industry survey indicate that the data reported is just the
 tip of the iceberg, as a great majority of breaches continue to occur
 undetected or unreported. While OTA encourages self-regulation and
 reporting, the trends outlined in the report suggest the need for broader
 transparency and self-reporting requirements.