Few events can damage a company’s reputation and cause the loss of consumer trust faster than the misuse or breach of personal and sensitive data. Once that damage has been done, turning the boat around is very difficult and consumes both time and resources. Over 525 million records containing sensitive personal information have been compromised due to breaches in the last 5 years alone. The Online Trust Alliance (OTA) has just announced the release of its 2011 Data Breach Incident Readiness Guide, which outlines key questions and recommendations for businesses to consider integrating into their baseline framework.
The OTA’s mission is to develop and advocate best practices and public policies which mitigate emerging privacy, identity and security threats to online services, organizations and consumers, enhancing online trust and confidence. By facilitating an open dialog with industry, business and governmental agencies to work collaboratively, OTA is making progress to address various forms of online abuse, threats and poor security practices.
Depending on your industry, size, and the type of data collected, your requirements may vary, and you should consult with specialists to aid you in planning. This document provides a comprehensive framework, outlining key questions and recommendations to help businesses build breach prevention and incident management practices. OTA has expanded its annual report to address the emerging security and privacy threats impacting businesses throughout the world. With the White House, members of Congress, the Commerce Department and the FTC calling for greater privacy controls and breach notifications, the OTA guide represents a significant self-regulatory effort to enhance data stewardship, consumer trust and ultimately the long-term vitality of commerce.
According to the OTA’s 2011 Data Breach Incident Readiness Guide, the true test for organizations and businesses should be the ability to answer key questions such as:
- Do you know what sensitive information is maintained by your company, where it is stored, and how it is kept secure?
- Do you have an incident response team in place ready to respond 24/7?
- Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
- Have you completed an audit of all data collection activities, including cloud services, mobile devices and outsourced services?
- Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?