Software // Enterprise Applications
News
5/6/2005
03:50 PM
50%
50%

Information Vendors Back Disclosure Law

The loss or theft of customer data highlights the need for better security

The controversy surrounding lapses in personal-data protection intensified last week, as executives from Bank of America, ChoicePoint, and LexisNexis attempted to explain to Congress losses or thefts that involved hundreds of thousands of customer files.

Time Warner Inc. revealed that tapes containing names, Social Security numbers, and other personal data on 600,000 current and former employees disappeared on March 22 while being shipped to an off-site storage center run by Iron Mountain Inc. So far, there's no evidence that the tapes or their contents have been misused.

Iron Mountain says it has had four cases this year of human error that resulted in the loss of customers' backup tapes; the company performs more than 5 million pickups and deliveries of backup tapes each year.

Maybe the time has come for all companies to encrypt tape data, says Jay Wessel, senior director of technology for the Boston Celtics

Maybe the time has come for all companies to encrypt tape data, says Jay Wessel, senior director of technology for the Boston Celtics.


Photo by Jason Grow
Such losses are causing business-technology managers to take a closer look at encryption. "Maybe it's time we all start to encrypt our tape data," says Jay Wessel, senior director of technology for the Boston Celtics basketball team.

Only 7% of businesses encrypt all backup tapes, says Tony Asaro, an Enterprise Strategy Group analyst. California's law requiring that companies notify customers if personal information may have been accessed has made the issue a public one. "This type of thing has probably happened before," Asaro says. "But the need for disclosure has made it more important to take precautions."

The federal government is considering legislation similar to California's law. In Washington last week, executives from companies stung by losses or theft of customer data vowed at a House hearing to do more to safeguard sensitive information, and they backed a federal law to require disclosure if customer data is compromised.

ChoicePoint, the information broker whose disclosure of a security breach set off a furor over privacy and identity theft, favors a national notification law, Don McGuffey, senior VP for data acquisition and strategy, said at the congressional hearing. In March, ChoicePoint stopped selling products that contain sensitive consumer data, except where there's a specific consumer-driven transaction or benefit, or where the products support government and criminal-justice purposes.

Reed Elsevier plc's LexisNexis division, which last month said data on 310,000 individuals might have been compromised, also supports a national reporting law, said Kurt Sanford, president and CEO for U.S. corporate and federal government markets. The company has tightened its security procedures, including truncating Social Security numbers displayed in nonpublic documents, he said.

Bank of America, which disclosed that backup tapes containing customer and account information for 1.2 million government charge-card holders were lost in transit, favors a "national approach to information-security guidelines," said Barbara Desoer, global technology, service, and fulfillment executive.

Some companies are replacing tape as their primary backup medium. Legal Services for New York City, which provides free legal aid for low-income residents, uses Double-Take replication software from NSI Software Inc. to continuously replicate its primary SQL Server database to a remote site. "There are fewer and fewer reasons for tape," chief technology officer John Greiner says.

The Celtics' Wessel uses tape for backing up digital files that are too large to be transmitted over a network. When an Iron Mountain truck shows up to pick up the backup tapes, which are handled and loaded by two Celtics employees, a third employee watches to ensure that none of the tapes are mishandled or misplaced. So far, Wessel says, no tapes have been lost.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.