E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: SecurityNewsDaily

Posted on January 31, 2011

January 28 was the third annual Data Privacy Day, sponsored by Microsoft, Intel, Visa and Google and recognized by governments across North America and Europe.

In honor of the event, the Online Trust Alliance, a nonprofit organization promoting security compliance in online communications, wants to prove that the term "digital privacy" is not an oxymoron.

After a year of increased reports of data breaches, accidental data losses and incidents of compromised user privacy, OTA has just released its 2011 Data Breach Incident Readiness Guide, meant to provide a roadmap for businesses on how to best protect sensitive information.

"In the past five years, over 525 million records containing sensitive personal information have been compromised, significantly undermining the foundation of consumer trust," Craig Spiezle, executive director and president of the Bellevue, Wash., group, said in a press release. "With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan. Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation."

In 2010, over 400 data breach incidents were reported, involving over 26 million records, at a cost to U.S. businesses of over $5.3 billion, according to the OTA's report. Of these incidents, 98 percent came from exploitation of servers. Yet the OTA said 90 percent of them could have been avoided if the recommendations outlined in the OTA report had been adopted.

Research and industry surveys by the OTA indicate the number of reported incidents was just the tip of the iceberg, as a great majority of breaches continued to occur undetected or unreported.

While the OTA encourages self-regulation and reporting by online businesses, the trends outlined in the report suggest the need for broader transparency and self-reporting requirements.

When creating a readiness plan, Spiezle recommends that businesses take the following steps:
1. Get "executive buy-in." Make sure the company's top officers are all on the same page regarding security and privacy plans.
2. Audit and inventory the data that all groups within a company have. Some of this may include data that individuals have collected but never documented.
3. Validate the needs for the data and how needs are accessed. (Is there a real business purpose?)
4. Review security practices suggested by the OTA. Validate what can be done immediately versus what can be done over 30-60 days.
5. Assemble a working group to review process and procedure.
6. Develop a plan and empower an incident-response team.

Because so much of the data that needs protection is personally identifiable information belonging to customers, consumers have a right to know how a company is protecting their privacy.

When dealing with any business, Spiezle told SecurityNewsDaily, customers need to understand what data the company is collecting, how that information is collected and tracked, how it is used, and if and how it is shared with third parties.

The OTA recommends that businesses move toward "a standard format, so consumers can make an informed choice," he said. "For example, think of a food nutrition label or a car sticker. The information is clear and comparable."

Customers, by sharing their concerns with companies, can encourage companies to take steps to protect online privacy. "Data and privacy is the currency of the digital market place," said Spiezle. "Data stewardship is good business for the consumer, the business, and the long-term vitality of Internet-based services and commerce."


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
