[Dataloss] Firms play Data Protection roulette
lyger
lyger at attrition.org
Sat Jul 8 16:04:44 EDT 2006
http://www.networkworld.com/news/2006/070506-firms-play-data-protection.html?nlhtsec=070306securityalert3
By Radhika Praveen, TechWorld, 07/05/06
Large numbers of companies are taking risks with data protection, because
they are not aware of the requirements of the law.
Nearly half (44%) of companies use live data in test environments --
something the 1998 Data Protection Act warns against explicitly, according
to a recent survey of IT directors by Compuware.
Half the directors (48%) were only 'vaguely familiar' with the Act itself,
according to the research, which highlights the importance of
understanding the demands and keeping track of how customer data is
treated.
A further "83% used only minimal measures such as using non disclosure
agreements (NDA) to control data when outsourcing," said Ian Clarke, world
wide enterprise solutions director at Compuware.
NDAs are all very well, but companies find it difficult to communicate the
complex legal terms to their employees or to outsourcing partners, said
the survey report. "Unless they have rigorous procedures in place, they
run the risk of live data being leaked to third parties. This can have
severe repercussions on customer confidence and company reputation, and
ultimately affect the bottom line," Clarke added.
An NDA doesn't mean a lot when an employee in an outsourcing company in
India for example who earns $100-a-day can earn much more by selling
confidential data, he said.
[...]
More information about the Dataloss
mailing list