The guide recommends completing a privacy and security audit of all data collection activities, including cloud services.
The Online Trust Alliance, a nonprofit organization
representing the Internet ecosystem, announced the release of the "2011
Data Breach Incident Readiness Guide," outlining key questions and
recommendations to help businesses with breach prevention and incident
management. In the wake of increasing levels of data breaches, accidental data
losses and incidents of users' privacy being compromised, the OTA has expanded
its annual report to address the emerging security and privacy threats
impacting businesses throughout the world.
According to the guide, the true test for organizations and
businesses should be the ability to meet challenges such as knowing what
sensitive information is maintained by a company, where it is stored and how it
is kept secure, whether an incident response team is in place ready to respond
24/7, and management team awareness of security, privacy and regulatory
requirements related specifically to the business.
In addition, the guide recommends completing a privacy and
security audit of all data collection activities, including cloud services,
mobile devices and outsourced services, and a communication plan for customers,
partners and stockholders in the event of a breach or data loss incident. The
complete guide is available for immediate download via the organization's Website.
"We live in a digital world where organizations must
defend against data breaches and be prepared to quickly mitigate additional harm
should personal information be compromised," said Washington State
Attorney General Rob McKenna. "We encourage businesses and agencies to
consider the resources provided by the Online Trust Alliance and other
organizations as they develop their own plans to protect sensitive data."
In 2010, more than 400 incidents were reported impacting
over 26 million records for a cost to U.S.
businesses of more than $5.3 billion. Of these, 98 percent were a result of a
server exploit; yet on analysis, 90 percent were avoidable if the
recommendations outlined in the OTA report were in place. OTA research and
industry surveys indicate the data reported is just the tip of the iceberg as a
great majority of breaches continue to occur undetected or unreported.
While the OTA encourages self-regulation and reporting, the trends outlined in
the report suggest the need for broader transparency and self-reporting
"In the past five years, over 525 million records
containing sensitive personal information have been compromised, significantly
undermining the foundation of consumer trust," said Craig Spiezle,
executive director and president of the OTA. "With the onslaught of
criminal and deceptive business activities, we are calling on business leaders
to develop a readiness plan. Those failing to act may be faced with
increased public scrutiny, regulatory pressures and a tarnished brand
The guide aims to raise awareness of the severity of a data
breach while helping businesses and organizations prevent and mitigate data
security and privacy crises. Walking readers through the key points of
designing a data incident plan, the guide offers insights, prescriptive advice
and actionable recommendations for businesses of all sizes.
The guide also aids businesses in creating an internal plan
for what to do in the aftermath of a security breach. Providing plan
fundamentals such as creating a 24-hour response team, developing vendor and
law enforcement relationships, and providing ideas for a crisis communication
plan, the OTA readiness guide gives insights into questions that companies need
to ask themselves to ensure they are taking all the precautions they can.
"The 2011 Data Breach Guide is a key resource for any
business that is committed to ensuring the privacy and security if its
consumers. OTA has done a terrific job at providing the actionable steps
that can help a company avoid a crisis and be ready to respond when one occurs,"
said Jules Polonetsky, co-chair and director of the Future of Privacy Forum.
The OTA "Data Breach Incident Readiness Guide" was
developed in collaboration with and support from the following organizations:
the American National Standards Institute (ANSI),
Center for Democracy & Technology, Email Service & Provider Coalition
(ESPC), Identity Theft Assistance Center (ITAC), Identity Theft Council,
Internet Security Alliance (ISA), LaMagna and Associates, U.S. Chamber of
Commerce, and members of InfraGard Seattle and DC Chapters.