A question that should be on the mind of every public, private, and non-profit Officer, Board Member, Inside and Outside Counsel, Internal and External Auditor and Accountant, Insurance provider, Investor (funds or individual) and customer. A catastrophic data breach can create significant financial damage to your company, never mind the impact it may have on your brand, investors and customers. With the rapid advancement of technology and the constant integration of devices to networks, applications and people, the world of data security is becoming more and more complex. Much time is spent by IT professionals and Chief Privacy Officers (CPO) to deploy technology to protect their internal network infrastructure. This is certainly a step in the right direction, but is it enough?
Breaches today are not just coming from the traditional hacker, but from internal sources – employees and also partners. I certainly am not suggesting all employees or partners are unethical. Your organization and partners are dealing with a cultural shift. Today there are many employees who believe that what they have created for the organization is their property. Many have grown up in a generation where downloading free music, videos, movies etc. is part of a daily lifestyle and in their mind not unethical. These are not necessarily bad people. They are sometimes just uninformed and naïve to the realities of what they are doing and the intellectual property laws they are violating. Unfortunately, some don’t seem to care either way.
Today yours and your partner’s workforces are made up of many of these people of varied ages. With USBs, e-mail, instant messaging, texting, social networking and other transport capabilities, how do you know what information is moving in and out of your organizations control? An even more challenging question is how do you manage your partner relationships and their employees, so a breach of your critical information doesn’t occur? A multimillion and maybe even billion dollar question is how do your downstream partners manage their data and just as importantly yours? A recent article, Copier Data Security Threat Puts Lawyers at Risk of Ethics Violations, by Paul Unger is a good example of some of these risks.
No matter the size of the organization or what product or service it provides, you and your partners need to think about data security and governance. To start, there are a few questions you should ask of yourself and of all of your partners.
1. Do you have a Data Governance Plan?
2. Does it focus on people, process and technology?
3. Does your Data Governance Plan also focus on your partner’s people, process and technology?
This is just the beginning of a never ending story to protect your and your customers’ critical data. Don’t be naïve and think that this cannot impact you in a very big way. According to Rob McKenna, WA State Attorney General “The number of data breaches increased seven fold from 2008 to 2009” and is expected to continue to grow exponentially. Can you really risk that you or one of your partners may not be next?
As the commercial used to say, “pay me now or pay me later”. Be proactive, not reactive! This is truly about the culture you have bred and ultimately the value of your organization, its brand and your relationship with your customers and investors.
Photo credit mateoutah
