In an effort to support Data Privacy Day which takes place on Jan 28, 2011, the Online Trust Alliance (OTA) today released its 2011 Data Breach Incident Readiness Guide. The guide addresses emerging security and privacy threats, providing prescriptive guidance and questions every executive should ask to help businesses in breach prevention and incident management.
With the White House, members of Congress, Commerce Department and the FTC calling for greater privacy controls and breach notifications, the OTA guide represents a significant self-regulatory effort to enhance data stewardship and consumer trust and ultimately the long-term vitality of commerce.
“We live in a digital world where organizations must defend against data breaches and be prepared to quickly mitigate additional harm should personal information be compromised. We encourage businesses and agencies to consider the resources provided by the Online Trust Alliance and other organizations as they develop their own plans to protect sensitive data,” said Rob McKenna, Washington State Attorney General.
“In the past 5 years, over 525 million records containing sensitive personal information have been compromised, significantly undermining the foundation of consumer trust,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance. “With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan. Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation.”
According to the OTA’s 2011 Data Breach Incident Readiness Guide, the true test for organizations and businesses should be the ability to answer key questions such as:
1. Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
2. Do you have an incident response team in place ready to respond 24/7?
3. Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
4. Have you completed a privacy and security audit of all data collection activities, including cloud services, mobile devices and outsourced services?
5. Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?
In 2010, over 400 incidents were reported impacting over 26 million records for a cost to U.S. businesses of over $5.3 billion dollars. Of these, 98% were a result of a server exploit; yet on analysis, 90% were avoidable if the recommendations outlined in the OTA report were in place. OTA research and industry survey indicates the data reported is just the tip of the iceberg as a great majority of breaches continue to occur undetected or unreported. While OTA encourages self-regulation and reporting, the trends outlined in the report suggest the need for broader transparency and self-reporting requirements.
Recommendations for Businesses and Organizations
The OTA Data Brach Incident Readiness Guide aims to raise awareness of the severity of a data breach while helping businesses and organizations prevent and mitigate data security and privacy crises. Walking readers through the key points of designing a Data Incident Plan (DIP), the guide offers insights, prescriptive advice and actionable recommendations for businesses of all sizes. The guide aids businesses in creating an internal plan for what to do in the aftermath of a security breach. Providing plan fundamentals such as creating a 24-hour response team, developing vendor and law enforcement relationships, and ideas for a crisis communication plan, the OTA readiness guide gives key insights into questions that companies need to ask themselves to ensure they are taking all the precautions they can.
“The 2011 Data Breach Guide is a key resource for any business that is committed to ensuring the privacy and security if its consumers. OTA has done a terrific job at providing the actionable steps that can help a company avoid a crisis and be ready to respond when one occurs,” said Jules Polonetsky, Co-chair and Director of the Future of Privacy Forum.
The OTA Data Breach Readiness Guide was developed in collaboration and with support from the following organizations: the American National Standards Institute (ANSI), Center for Democracy & Technology, Email Service & Provider Coalition (ESPC), Identity Theft Assistance Center (ITAC), Identity Theft Council, Internet Security Alliance (ISA), LaMagna and Associates, US Chamber of Commerce and members of InfraGard Seattle and DC Chapters.
The Online Trust Alliance (OTA) is a global non-profit organization representing the Internet ecosystem, supporting user choice and controls, protection of critical infrastructure, privacy and data governance, promoting marketing best practices and self-regulation. The OTA’s mission is to develop and advocate best practices and public policy which mitigate emerging privacy, identity and security threats to businesses, online services, brands, government agencies, organizations and consumers, thereby enhancing online trust and confidence.
The complete guide is available for immediate download here.