Part III: Insider theft and the role of regulation

Computerworld - "Truth be told, everything we've done in the area of extrusion prevention is because of industry regulations. The police were useless in our last extrusion event, and we're developing our self-audit and control capability in order to protect our customer records and actuarial data."
-- General counsel of an insurance company with $8 billion in assets
"We don't invest in extrusion-prevention technology because it's a criminal offense when one of our employee extrudes critical filings. We feel the legal deterrent is sufficient."
-- IT manager at the Securities and Exchange Commission in a Middle Eastern country
Extrusion prevention requires both management and technology controls. The trigger to implementation often lies in government regulation. This article examines the relevance of regulation in the U.S. and in Europe.
Extrusion is the unauthorized transfer of a company's essential digital assets -- credit cards, customer records, transactional information, source code and other classified information.
Regulation can't protect us from extrusion. Uncompromising ethics and good management are prerequisites for protecting a company's digital assets and individuals' private information.
Let's look at the relationships between individuals, companies and regulation:
Privacy regulation trends in the U.S. and Europe
Government-regulated privacy protection of information is a natural response rooted in the field of telecommunications, since countries either own telecommunications businesses outright or tightly regulate their industry. This has largely led to a view of electronic privacy as an issue of citizen rights vs. state legislation and monopoly.
In the Information Age, privacy has two dimensions -- intrusion and extrusion:

• Protection against intrusion by unwanted information such as spam and telemarketing or by criminals, similar to the constitutional protection to be secure in one's home.


• Protection against extrusion by controlling information flows about an individual's or a business's activities, such as preventing identify theft or protecting a company's trade secrets.