As discussed in January’s technology feature, there is no shortage of threats to the security of the private information in the hands of your company. With incomplete guidelines for best practices, and only a small set of what-not-to-do case studies to navigate by, organizations can quickly find themselves at the mercy of private litigation, or the subject of enforcement from the Federal Trade Commission. Ignorance of data security is no longer a sufficient excuse for its compromise.
But it’s also incredibly difficult to say where or what the next breach will be. While there is a tendency to focus on the technology breach, information loss is still subject to physical compromise and malicious activity from insiders. Adnan Amjad, partner at Deloitte & Touche and an expert on security and privacy, points out that it’s not just the volume of data incidents happening, but the strategy that would be theirs are employing.
What to do
Organizational structure is only one avenue of protection businesses have at their disposal. The way to combat individual threats and the mindset they adopt when dealing with data loss issues is also essential to companies’ success in mitigating the loss of their private information. Legal departments relying on outside counsel need to remain cognizant as they pass information to and from those firms.