Tuesday, July 22, 2008

2008 Security Survey: We're Spending More, But Data's No Safer Than Last Year

An InformationWeek article indicates that companies are behind in implementing encryption to protect customer and employee data. The article also states:

"We had hoped that the ongoing parade of high-profile data losses would set most companies on the road to comprehensive privacy protection. So we were discouraged that the only actions to safeguard customer data that are used by more than half of companies are ... informing employees of standards and putting a privacy policy on the Web site. Fine steps, but they don't exclude the need for encryption (used by 34%) or privacy policy audits (25%). Amazingly, 11% say they have no privacy safeguards for customer data. Zip. Zero."

I think encryption is only one of the many steps you can take. An even better approach is to have risk management programs in place that allow you to understand what data you are collecting and to make sure you have a real business need to store it. For example, why does your HR department even need all of the personal information they collect from a potential job applicant if they don't follow up on 98% of the resumes they receive?

Understanding ways to mask and minimize the amount of data you collect, while still achieving the goal of the business, should be the first priority of any organization's data owners.
