E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: ShredStation

Posted on December 29, 2008

      In the first 11 months of 2008 there have been a record number of corporate data breaches - 588 companies have been responsible for compromising the private information of more than 33 million people. Beyond the damaged or lost relationships with customers and the bad publicity, there are legal and economic consequences that can compound the issue. Fines can range from $1,000 to $2,500 per individual record compromised.

      "There has been more prosecution in the last six months than there has been in the last six years," said Bob Johnson, Executive Director of the National Association for Information Destruction (NAID).

      As the number of data breaches continues to rise, ShredStation, a leader in business and residential information destruction services, suggests companies consider the following Information Security New Year's resolutions:

Resolution 1 - I will protect my electronic assets

      According to law enforcement and private research groups, anywhere from 600,000 to 1.5 million laptops are stolen or lost each year. To make matters worse, the FBI reports that 97 percent of stolen laptops are never recovered. Protecting laptops in the workplace is a vital part of maintaining information security. If possible, lock computers to workstations. At the very least, use a security token that requires the user to input a randomly generated password to log in and access company information.

Resolution 2 - I will create a formal document destruction plan

      Digging through the trash or "dumpster diving" is completely legal and unfortunately one of the most frequent ways data breaches occur. The Fair and Accurate Credit Transactions Act (FACTA) requires that companies not only destroy documents containing sensitive customer and employee information, but also prove they have a formal destruction policy in place.

Resolution 3 - I will develop policies for my employees' mobile devices

      BlackBerrys, thumb drives and PDAs have become common in the workplace. However, many companies have no system in place to monitor what information their users are storing. Employees need to be educated about what should and should not be on a device that is used outside of the workplace. Proprietary, private or financial information should be stored only if absolutely necessary. It's also imperative that the sensitive information be password-protected should the device be lost or stolen.

Resolution 4 - I will take inventory of my computer data

      According to a study conducted by the Ponemon Institute in 2006, 64 percent of surveyed companies admitted they had never done an inventory of data stored on their computers. Additionally, as many as 30 percent of those companies admitted they'd have no real way of predicting what information they've lost from a stolen computer. Without knowing what you had, you can't know what's missing. Conduct a quarterly audit of the information stored on your company computers, specifically laptops since they're the most likely to be misplaced.

Resolution 5 - I will destroy my company's end-of-life electronics

      Most businesses have a back room that serves as a computer graveyard - a place where old and outdated computers are stored. Many companies fail to properly sanitize or destroy hard drives in these computers, leaving a wealth of private company, customer and employee information there for the taking. If this information falls into the wrong hands, the company could face steep fines for privacy legislation violations.

      "The average cost of a data breach for a public company has risen to $6 million," said Al Villamil, President of ShredStation, Inc. "What a lot of companies fail to consider is that a breach doesn't just mean a fine, it means attorney fees, customer communication, lost customers, call center support and customer credit monitoring - not to mention a PR nightmare. The New Year is a great time for businesses to start taking a hard look at their policies and begin to take a more proactive approach to protecting their private information."

About Corporate Data Breaches

      According to a recent survey from the Ponemon Institute, 59 percent of customers said they would terminate or strongly consider terminating their relationship with any company that encounters a data breach. In 2006, the average cost for one customer record was $182, a 30 percent increase from the previous year. According to Tech//404, a liability insurance company, the estimated cost for a data breach (when 10,000 records have been compromised) is more than $1.6 million after factoring in everything from legal fees and customer notification to media management and fines.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
