Three Ways To Prepare For The IT Impact Of New Privacy Laws
In the wake of numerous high-profile customer-data breaches, companies that haven't previously been subject to information security and privacy regulation should expect new regulations to mirror elements from existing laws. For businesses that want to start planning now, there's no need to wait for implementation instructions on how to secure consumer data.
Plan For The Obvious
Companies that haven't previously been subject to information security and privacy regulation should expect new regulations to mirror elements from existing laws: Put someone in charge, analyze vulnerabilities, make a plan, implement policies and procedures that address technology as well as business processes, train, monitor your service providers, and circle back to evaluate and adjust your program on an ongoing basis.
These common and common-sense requirements appear in existing data-security regulations for companies subject to the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and, north of the border, the Canadian Personal Information Protection and Electronic Documents Act.
Businesses will have to be reasonably certain their service providers live up to the same standards. A company must wisely choose and monitor its service providers and cannot evade privacy liability by outsourcing. Even while Congress has been considering new regulations to control outsourcing, existing laws already require companies to police their service providers by building privacy provisions into contracts and monitoring vendor performance.
Some companies pondering the future of regulation may be unaware that a mandate of reasonable security already applies to them today. If a company is engaging in business-to-consumer transactions, it is regulated. Under the basic consumer-protection principles of Unfair and Deceptive Acts and Practices laws, the Federal Trade Commission and state attorneys generally already have established a data-security-enforcement history involving organizations that include the ACLU, Alta Vista, Barnes & Noble, Eli Lilly, Guess, Microsoft, Sony/InfoBeat, Tower Records, Victoria's Secret, Ziff Davis Media, and many others.
These cases targeted online practices, but the rules are the same in all data channels. Be assured that consumer-protection agencies are taking a hard look at offline and business-to-business transactions that expose consumer data. And take note, "consumer data" means more than hot-button data such as Social Security numbers, credit-card numbers, and medical data. It includes names, addresses, phone numbers, and Global Positioning System data.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?