Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Are companies prepared for fallout from a security breach?

September 1, 2005 12:00 PM ET

Computerworld - There are some very positive trends in corporate privacy and data-protection practices, according to the Ponemon Institute's recently completed 2005 Benchmark Study of Corporate Privacy Practices. However, there are also gaps that could trip up the best-intentioned company when faced with a breach.
The study, which looks at 68 organizations based in North America, focuses on eight issues: privacy policy, communications and training, privacy management, data security methods, privacy compliance, choice and consent, global standards, and redress. It was sponsored by Vontu Inc. and conducted with support from the International Association of Privacy Professionals.
On a positive note, 56% of the respondents now attempt to integrate information security and privacy activities. This is a 10% increase from 2003. Admittedly, this integration is often defined as a loose rather than a formal program of integration and alignment.
More than 80% of responding companies stated that they have privacy or data-protection strategies, and 70% conduct an inventory of personal data that's collected, used, shared and stored to assess compliance risk areas.
More companies are using technologies such as encryption, firewalls and antivirus software to protect sensitive data. Between 2003 and 2005, there was a 19% increase in the use of encryption in the transfer of employee records. A smaller but growing number of companies appear to be using privacy technologies as part of their compliance programs.
While these practices help companies mitigate security breach risks, according to our study, only 31% of companies have instituted a formal notification procedure in the event of a privacy crisis. In addition, there has been no substantive improvement in the number of companies that have redress mechanisms for consumers who have complaints or questions about a company's commitment to protect their personal information. In our 2003 survey, 32% of companies reported having a redress process, and in 2005, it was 33%.
Trust is fragile
Our institute conducts several nationwide studies of consumers each year that seek to determine which companies are most trusted for privacy and data protection. In our Most Trusted Companies for Privacy Survey conducted in 2004 and 2005, we asked consumers to list the companies that they believed to be "most trusted" and "least trusted" for honoring privacy commitments.
We thought it would be interesting to look at the rankings of 14 organizations that reported a data-security breach during 2005. For purposes of confidentiality, the names of these companies haven't been disclosed. All of these companies were ranked on the "most trusted" list in both the 2004 and 2005 surveys. We wanted to



Jump to comments

Privacy

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.