A leak of sensitive information can become a scandal for a company. Beyond the obvious loss of customer trust, reputation, sales and share price, the fines for non-compliance can spell real trouble for an unprepared business. Audit committees are therefore insistent about protecting customer-related information and sensitive corporate data.
Companies are required to comply with data-privacy regulations, best-practice requirements and industry guidelines governing how customer data is accessed and used. Privacy requirements for protecting non-public personal information include selective encryption of stored data, separation of duties, proper access control and a centralized, independent audit function.
Data security is not optional; it is mandatory under government legislation and industry regulations. For example, the U.S. Gramm-Leach-Bliley Act (GLBA) requires financial institutions and their partners to protect non-public personal data while it is in storage and to implement a range of access and security controls. Failure to comply with GLBA results in large regulatory fines for the financial institution. Equally damaging, CEOs and directors can be held personally responsible and legally liable for any misuse of personally identifiable non-public information.
The Computer Security Institute (CSI) Computer Crime and Security Survey puts the estimated annual loss from security breaches at $4 million. It further revealed that over half of databases suffer some kind of breach each year. Since these figures cover only the security problems that companies report, that percentage is staggeringly high. Organizations do not want to advertise the fact that their own staff have access to customer data and can cover their tracks: an insider can take that data, hand it to anyone, and remain undetected and employed while a crime is committed.