Information Vendors Back Disclosure Law - InformationWeek
Software // Enterprise Applications
03:50 PM
How Upwork Cut Zero-Day File Attacks by 70%
Oct 05, 2017
Upwork has millions of clients and freelancers that have to upload and download many files to and ...Read More>>

Information Vendors Back Disclosure Law

The loss or theft of customer data highlights the need for better security

The controversy surrounding lapses in personal-data protection intensified last week, as executives from Bank of America, ChoicePoint, and LexisNexis attempted to explain to Congress losses or thefts that involved hundreds of thousands of customer files.

Time Warner Inc. revealed that tapes containing names, Social Security numbers, and other personal data on 600,000 current and former employees disappeared on March 22 while being shipped to an off-site storage center run by Iron Mountain Inc. So far, there's no evidence that the tapes or their contents have been misused.

Iron Mountain says it has had four cases this year of human error that resulted in the loss of customers' backup tapes; the company performs more than 5 million pickups and deliveries of backup tapes each year.

Maybe the time has come for all companies to encrypt tape data, says Jay Wessel, senior director of technology for the Boston Celtics

Maybe the time has come for all companies to encrypt tape data, says Jay Wessel, senior director of technology for the Boston Celtics.

Photo by Jason Grow
Such losses are causing business-technology managers to take a closer look at encryption. "Maybe it's time we all start to encrypt our tape data," says Jay Wessel, senior director of technology for the Boston Celtics basketball team.

Only 7% of businesses encrypt all backup tapes, says Tony Asaro, an Enterprise Strategy Group analyst. California's law requiring that companies notify customers if personal information may have been accessed has made the issue a public one. "This type of thing has probably happened before," Asaro says. "But the need for disclosure has made it more important to take precautions."

The federal government is considering legislation similar to California's law. In Washington last week, executives from companies stung by losses or theft of customer data vowed at a House hearing to do more to safeguard sensitive information, and they backed a federal law to require disclosure if customer data is compromised.

ChoicePoint, the information broker whose disclosure of a security breach set off a furor over privacy and identity theft, favors a national notification law, Don McGuffey, senior VP for data acquisition and strategy, said at the congressional hearing. In March, ChoicePoint stopped selling products that contain sensitive consumer data, except where there's a specific consumer-driven transaction or benefit, or where the products support government and criminal-justice purposes.

Reed Elsevier plc's LexisNexis division, which last month said data on 310,000 individuals might have been compromised, also supports a national reporting law, said Kurt Sanford, president and CEO for U.S. corporate and federal government markets. The company has tightened its security procedures, including truncating Social Security numbers displayed in nonpublic documents, he said.

Bank of America, which disclosed that backup tapes containing customer and account information for 1.2 million government charge-card holders were lost in transit, favors a "national approach to information-security guidelines," said Barbara Desoer, global technology, service, and fulfillment executive.

Some companies are replacing tape as their primary backup medium. Legal Services for New York City, which provides free legal aid for low-income residents, uses Double-Take replication software from NSI Software Inc. to continuously replicate its primary SQL Server database to a remote site. "There are fewer and fewer reasons for tape," chief technology officer John Greiner says.

The Celtics' Wessel uses tape for backing up digital files that are too large to be transmitted over a network. When an Iron Mountain truck shows up to pick up the backup tapes, which are handled and loaded by two Celtics employees, a third employee watches to ensure that none of the tapes are mishandled or misplaced. So far, Wessel says, no tapes have been lost.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll