1/2/2008
07:18 PM

Data Breaches: Getting Worse Or Better?

Tabulating the number of records exposed is difficult because in 56% of the 2007 breaches reported, there was no accurate count of the number of records exposed.

The year 2007 may or may not have been a record-setting year in terms of data breaches. Whether it was or wasn't depends on how one counts.

The Identity Theft Resource Center put the number of publicly reported data breaches in the United States at 446 for the year. It identified 312 data breaches in 2006 and 158 in 2005.

That appears to show an upward trend, if such a thing can hinge on a mere three data points, and that more data breaches occurred in 2007 than at any time since 2003, when data breach reporting laws like California's SB 1386 took effect.

But a blogger who insists on going by the name Dissent and maintains a blog that tracks data breaches insists the opposite is true.

Based on his or her analysis of data breach statistics compiled by three sources -- Attrition.org, Privacy Rights Clearinghouse, and the Identity Theft Resource Center -- Dissent points out inconsistencies in counting methodologies and argues that without the TJX breach (parent company to T.J. Maxx and others), which skews the statistics by virtue of its extreme size, two of the three sources show a decrease in data breach incidents and in records exposed.

Rex Davis, director of operations for the Identity Theft Resource Center, concedes Dissent makes some valid points, like the fact that the organization began counting paper-based data breaches in 2007.

But Davis also points out that tabulating the number of records exposed is difficult because in 56% of the 2007 breaches reported, there was no accurate count of the number of records exposed. "How can you say the number of records is going up or down when it's not reported?" he said.

Reasonable people can also disagree about the year in which data breaches should be counted. Davis said his organization prefers to go by the date of publication. "We chose the publication date for 2007 rather than the incident date," he said. "A lot of times we can't even get an incident date. TJX is a great example."

But as Dissent points out, if TJX were counted in the year 2006 or 2005, 2007 would look a lot better.

While Dissent's assessment of data from Attrition.org and Privacy Rights Clearinghouse suggests a decline in the number of data breach incidents, the ITRC is sticking with its incident figures. "If you're talking about the number of events, it's the worst year we've been able to record, even if you add the 80 we left out in 2006," said Davis.
