Identity theft is rampant with data security breaches posing serious business threat

Companies need to reduce risks associated with exposing customer data, losing intellectual property, or violating compliance obligations – according to new PricewaterhouseCoopers (PwC) report ‘Data Loss Prevention: Keeping sensitive data out of the wrong hands’ released today.

According to the new report, as the difficult economic conditions continue, businesses are likely to experience an increased number of high-profile data security breaches. Such events may expose businesses to costly legal ramifications, as well as causing severe reputational and brand damage.

The recent PwC Global State of Information Survey revealed that more than two thirds of organisations do not maintain either an accurate inventory of user data or a list of locations and jurisdictions where this information is stored. Furthermore, only half of all companies have a policy that addresses the protection, disclosure and destruction of data. And although nearly two-thirds of companies worldwide encrypt data in transmission, far fewer appear to encrypt data at rest – for example in databases, file shares, laptops and backup tapes.

Companies cannot afford to take this lack of data security lightly. Identity theft is rampant, accounting for approximately one-third of consumer complaints received by the Federal Trade Commission last year (1). Furthermore, over half of identity-theft related data breaches could be attributed to theft or loss of computer or electronic transportable media.

Speaking at the launch, Ciaran Kelly, Partner, PwC Ireland said:

“Data security breaches pose a serious threat to business. With consumers and regulators demanding more control over sensitive data than ever, it is clear that now is the time to start better protecting your company’s customer data, core intellectual property, trade secrets and regulated data.”

It has been proven that costly data breaches might occur if the following circumstances exist: (1) A workforce reduction programme is being planned; (2) An outside supplier is being used for print and mail operations; (3) Employees throughout the organisation regularly export data from the customer relationship management system and send it, typically unencrypted, to their personal e-mail address so they can work from home; and (4) Management do not know where their most sensitive data resides across the business, and they may not have the appropriate controls in place to prevent unauthorised access.

Ciaran Kelly concluded:

“For data loss prevention to be effective, companies must decide on the right strategy, engage the right people, target the right data and employ the right technology. By aligning a well-designed data loss prevention programme with an overall data protection strategy, you can gain control over sensitive data, reduce the cost of data breaches and achieve greater visibility into how data is used throughout your organisation.”

Ends

Notes to Editor

(1) Federal State Commission 2008 : ‘Consumer Fraud and Identity Theft Complaint Data’.

PwC believes that there are four key components to any successful Data Loss Prevention (DLP) program:

• Strategy – Determine the objective, develop a plan and monitor progress against KPIs;
• People – Increase resource effectiveness and accountability;
• Process – Streamline, simplify and standardise processes through the data life cycle; and
• Technology – Use technology solutions to prevent and detect data loss.

About PricewaterhouseCoopers
PricewaterhouseCoopers (www.pwc.com/ie) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 155,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.

'PricewaterhouseCoopers' refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.