OTA: 2012 Data Protection and Breach Readiness Guide

Tuesday, January 24, 2012



The Online Trust Alliance Releases 2012 Data Protection and Breach Readiness Guide

In support of Data Privacy Day, new OTA guide helps businesses proactively address customer anxiety and concerns in a time of escalating privacy and data breaches.

In the wake of 2011, which many analysts are calling the “Year of the Breach,” the Online Trust Alliance (OTA) today announced the release of the 2012 Data Protection & Breach Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses in breach prevention and incident management.

OTA is unveiling the report today at the 2012 Privacy and Data Protection Town Hall, held in honor of Data Privacy Day. This is the third year the OTA has produced the guide, which provides an analysis of the past year’s security breaches and offers companies a wide range of best practices in data security, privacy and data collection.  

“Last year, more than 125 million people were affected by data loss incidents.  Combined with the increased awareness of these high visibility incidents and aggressive data collection and sharing practices, consumers’ trust and online confidence is under attack. By following the recommendations in this guide we have an opportunity to enhance online trust and promote the vitality of the internet,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance.

Rob McKenna, Washington State Attorney General and 2011-12 President of the National Association of Attorneys General said: “Today’s consumer is often aware of when their personal data is collected and wants to ensure that businesses protect it. The Online Trust Alliance’s resources are a valuable tool for businesses committed to ensuring customers’ privacy and security.”

2011 Highlights

In 2011, over 558 incidents were reported at a cost to U.S. businesses of more than $6.5 billion dollars. It is estimated over 50% were a result of a server exploits; of which 96% were avoidable if the recommendations outlined in the OTA report had been implemented. 

Analyzing public breaches, the average cost incurred by each business was $7.2 million or $318 per user record compromised an increase of over $100 per user record from 2009. These incidents also consumed, on average, over 600 man-hours to remedy.  

Recommendations for Businesses and Organizations

Organizations need to be able to quickly determine the nature and scope of a data incident, take immediate steps to contain it, ensure that forensics capabilities are not hampered and immediately initiate steps to notify regulators, law enforcement officials and the impacted users of the loss.

The OTA 2012 Data Protection & Breach Readiness Guide helps businesses begin creating a Data Incident Plan (DIP) to guide them in the aftermath of a security breach.

“Businesses need to look holistically at data privacy and ask, ‘What is the compelling business reason to keep customer data?’ When you have a data incident, the more data you have stored – and compromised – the more damaging it can be for both the individual and the company. The OTA guide gives key insights into questions that companies need to ask themselves to protect their customers and delivers information for any business developing, implementing, or updating their privacy policies and notices,” said John Roberson, Executive Director, Small Business Development Resource Center, Chicagoland Chamber of Commerce.  

“The Internet has become the land of opportunity for scams and, unfortunately, we see thousands of them every year,” notes Genie Barton, Vice President of the Council of Better Business Bureaus and director of its Online Behavioral Advertising Program.

“Consumers need assurances that they can trust the companies they do business with to secure their data, and the OTA Data Protection & Breach Readiness Guide is a great tool to help businesses protect themselves and their customers. BBB is happy to recommend it to businesses large and small, and we are delighted to help build a safer Internet for all by supporting excellent initiatives such as this guide.”  

"The OTA's 2012 Data Protection and Breach Readiness Guide provides an invaluable tool for businesses to protect one of their most important assets - their customers' personal data," said Chris Babel, CEO, TRUSTe.

"Having best practices in place - such as those outlined in the OTA guide - are critical to increase online consumer confidence, as well as ensure the success of emerging and innovative online markets spanning advertising, cloud, mobile and web channels. TRUSTe greatly values the ongoing and collaborative work of the OTA in building online trust."

What’s new in the 2012 Guide:

A sample data loss plan outline, along with links to examples of full plans Computer forensics and encryption basics Considerations for companies operating in -- or with -- customers in the EU and Canada Information on data minimization and data destruction A review of data classification .

The complete guide is may be downloaded at no-charge. OTA will be hosting a free webinar reviewing the findings on Wednesday, January 25. Registration & More Information. 

About The Online Trust Alliance (OTA)

OTA’s mission is to develop and advocate best practices, public policy and self-regulation to mitigate emerging privacy, identity and security threats to online services, brands, government, organizations and consumers.  By enhancing online trust and confidence, we can realize the potential of the internet, promote innovation and the vitality of commerce.

Source:  https://otalliance.org/news/releases/DataBreach2012.html

Possibly Related Articles:
Enterprise Security
breaches Privacy Enterprise Security Data Loss Prevention Headlines Guidelines Information Security International Data Privacy Day Consumers OTA Online Trust Alliance Data Protection Craig Spiezle Protection and Breach Readiness Guide
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.