Monday, January 28 was Data Privacy Day, and the non-profit Online Trust Alliance (OTA) commemorated the occasion by releasing its free ‘2013 Data Protection & Breach Readiness Guide’. The OTA is also highlighting the day of international data privacy awareness by holding two town hall meetings – first in New York today, then tomorrow in Seattle.
The 33-page guide aims to “help businesses understand the evolving privacy landscape, to enhance data security and to develop data loss incident plans”, according to a statement from the OTA. The non-profit’s analysis of worldwide data loss incidents tracked by the Open Security Foundation showed that 242.6 million records were potentially compromised in 2012, “yet more than 97% of the incidents could have been avoided by implementing simple steps and following best practices and internal controls”, the OTA asserted. “While businesses typically focus on external threats, 26% of the reported breaches were the result of employee threats or accidental disclosures, indicating a need for more internal controls and employee training”, the organization added.
“As citizens increasingly rely on the internet for their personal and business lives, businesses are looking to implement safeguards to enhance the protection of their data from abuse and potential identity theft”, noted Washington State Attorney General Bob Ferguson, one of the speakers at this week’s town hall meetings. He added: “Working together, we can assist businesses and implement voluntary best practices to help protect consumers from harm while holding cybercriminals accountable. The efforts outlined by OTA are important steps towards reaching this goal.”
The guide and the town hall events are as much about data breach recovery as they are about prevention. Data put forth by the OTA indicates that in 2012, businesses spent more than $8 billion to respond to these security incidents.
“Organizations of all sizes and in both the public and private sectors have an obligation to make privacy and data protection part of their value proposition”, commented Craig Spiezle, executive director and president of the OTA, in a statement. He continued: “Being stewards of data and having a comprehensive data breach plan is the responsibility of every executive.”
In related Data Privacy Day news, the non-profit certification body, ISACA, announced the formation of a Privacy Advisory Task Force that it said will “drive research, guidance, and advocacy” regarding the data privacy needs of both private and public sector organizations. ISACA pointed out the costs associated with the compromise of personal data, highlighting the recently finalized rule from the US Department of Health and Human Services that requires business partners of healthcare organizations to comply with its data security and privacy regulations. Under the new rule, HHS has raised penalties for noncompliance, based on the level of negligence, to a maximum penalty of $1.5 million per violation.
Commenting on the role of the new ISACA task force, the organization’s international vice president, Jeff Spivey, said “the current debate about data privacy is just the tip of the iceberg”. Citing new technological capabilities such as Big Data and mobile devices, Spivey noted that organizations “will experience growing pressure to collect and share private information”, adding that “companies want guidance on how to strike the right balance between profiting from data and protecting data”.