Tuesday, February 7, 2012

Privacy & Data Loss Incident Readiness Planning Guide [OTA]

OTA advocates that all businesses create an incident response plan and be prepared for the likelihood they will experience a breach or data loss in the future. The fact is that breaches happen, often at the worst of times. Businesses should not be lulled into the belief that it will not happen to them: a well-designed plan is emerging as an essential part of regulatory compliance, demonstrating that a firm or organization is willing to take reasonable steps to protect data from abuse. Doing so is good business. Developing a plan can help to minimize risk to consumers, business partners and stockholders, while increasing brand protection and the long-term viability of a business.
Few events can damage a company’s reputation and consumer trust more than the loss, misuse or breach of personal and sensitive data. In the past 5 years, it is estimated over 543 million records containing sensitive personal information have been compromised due to breaches. Such incidents not only harm a company’s brand, but typically increase scrutiny and liability exposure, which risks impacting a business’s bottom line. According to the 2010 Cost of Data Breach Report published by the Ponemon Institute, data breach incidents cost U.S. companies $318 per compromised customer record with an average cost per incident of $7.2 million.

Directly related to data security breaches is the impact on key operations, which may result from criminals changing passwords, deleting key files and/or loss of physical property impacting business continuity. Planning for incidents and physical disaster helps to identify exposure from internal and external threats. Synthesizing your hard and soft assets can help provide effective prevention, recovery and system integrity. In addition to cyber-attacks, employee theft and accidents, related incidents include fires, earthquakes and power outages, which are proving to be critical scenario planning requirements.
Incident planning incorporates both data breaches and disaster planning as a part of an organization’s learning effort that helps reduce operational risks, improve information security and corporate reputation risk management practices.  Not unlike training first responders for a physical incident, data managers and cyber responders must be trained, equipped and empowered.  Planning is the key to maintaining online trust and the vitality of the Internet, while helping to ensure the continuity of business.   
Executive support for making data privacy part of the business culture, and for building, testing, and maintaining a DIP, is critical for ensuring that a business is prepared before a breach occurs. It is also important for executives to acknowledge the need for businesses to work to ensure that their customers have clear, conspicuous, and readable notices which can be easily understood by the target audience of the product or service. Additionally, consumers must have the ability to permanently opt out of all collection of their personal data and be provided notice on the use and sharing of any such data after it has been collected.
OTA encourages all businesses, non-profits and government organizations to make a renewed commitment to data protection and privacy.  Being prepared for a breach is good for your business, your brand and most importantly your customers. 

 Revised January 25, 2012
