sábado, 29 de enero de 2011

2011 Data Breach & Loss Incident Readiness Guide [OTA]

011 Data Breach & Loss Incident Readiness Guide to Help Businesses Protect Online Trust & Confidence
In support of Data Privacy, the OTA guide addresses emerging security and privacy threats, providing prescriptive guidance and questions every executive must ask
Seattle, Washington – January 25, 2011 – The Online Trust Alliance (OTA) today announced the release of the 2011 Data Breach Incident Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses in breach prevention and incident management. In the wake of increasing levels of data breaches, accidental data losses and incidents of users’ privacy being compromised, OTA has expanded its annual report to address the emerging security and privacy threats impacting businesses throughout the world. 
With the White House, members of Congress, Commerce Department and the FTC calling for greater privacy controls and breach notifications, the OTA guide represents a significant self-regulatory effort to enhance data stewardship and consumer trust and ultimately the long-term vitality of commerce.
Washington State Attorney General Rob McKenna says: “We live in a digital world where organizations must defend against data breaches and be prepared to quickly mitigate additional harm should personal information be compromised. We encourage businesses and agencies to consider the resources provided by the Online Trust Alliance and other organizations as they develop their own plans to protect sensitive data.”  
“In the past 5 years, over 525 million records containing sensitive personal information have been compromised, significantly undermining the foundation of consumer trust,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance.  “With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan.  Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation.”
According to the OTA’s 2011 Data Breach Incident Readiness Guide, the true test for organizations and businesses should be the ability to answer key questions such as:
  • Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?   
  • Do you have an incident response team in place ready to respond 24/7?   
  • Are management teams aware of security, privacy and regulatory requirements related specifically to your business? 
  • Have you completed an audit of all data collection activities, including cloud services, mobile devices and outsourced services?
  • Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?  
2010 Highlights In 2010, over 400 incidents were reported impacting over 26 million records for a cost to U.S. businesses of over $5.3 billion dollars.  Of these, 98% were a result of a server exploit; yet on analysis, 90% were avoidable if the recommendations outlined in the OTA report were in place.  OTA research and industry survey indicates the data reported is just the tip of the iceberg as a great majority of breaches continue to occur undetected or unreported.  While OTA encourages self-regulation and reporting, the trends outlined in the report suggest the need for broader transparency and self-reporting requirements.   

PRESS RELEASE (PDF 183 KB)                        2011 Report  (PDF KB)               

No hay comentarios: