Ipswitch Blog

Senator to businesses: Protect data or pay

| September 22, 2011 | Data Breach, Enforcement, Managed File Transfer, Secure File Transfer, Visibility

As George Hulme recently wrote, the vision of Senator Richard Blumenthal’s data breach legislation is simple enough:  Protect individuals’ personally identifiable information from data theft, and penalize firms that don’t adequately secure their customers’ information.

Clearly, there’s a need for organizations to better secure confidential and private customer information.  It seems that a week rarely passes without a new high-profile data breach in the news.  In fact, 2011 is trending to be the worst-ever year for data breaches.  And that is despite many U.S. states introducing legislation that expands the scope of state laws, sets stricter requirements related to notification of data breaches involving personal information, and increases penalties for those responsible for breaches.

The need to protect customer data is unanimously shared by honest people worldwide…. The issue is HOW to effectively govern and enforce the various data protection requirements and laws?

I agree with Senator Blumenthal’s concept of establishing “appropriate minimum security plans”…. But color me skeptical on the government’s ability to appropriately monitor and enforce those plans, especially after witnessing the mighty struggles at effectively governing the dozens of state laws already on the books.

My skepticism is shared by many, including Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation:  “The devil is in the details with these laws.  We’ve had regulations, from Gramm-Leach-Bliley to HIPAA, that purport to help protect consumer data.  Companies are already victims in these attacks, so why are we penalizing them after a breach?  I think that’s because it’s easier to issue fines than it is to track down the criminals and go after them.”

In my opinion, business leaders need to prioritize their own internal efforts to properly protect sensitive information rather than wait on the government to catch up.  First order of business is to identify where confidential files and data live in your organization and ensure visibility of that info (after all, how can you protect what you don’t know about?).  Fortunately, there are technology solutions available to help organizations better manage and govern their critical files and data as they are being moved and consumed both internally and with business partners and across people, systems and various business applications.

How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries
[ do default stuff if no widgets ]

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.