Top 11 privacy trends for 2011 - 2. Breach notification requirements - Ernst & Young - Global

Top 11 privacy trends for 2011: 2. More breach notification requirements

Breach notification goes beyond regulatory compliance. Its focus is on transparency, which has fundamentally altered how organizations approach privacy and data protection. Breach notification failures have resulted in reputational damage and attracted the attention of regulators.

Around the world, governments are getting on board with breach notification schemes

  • Canada
    In Canada, an amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA) is making its way through the regulatory process and includes breach notification obligations.
  • European Union
    In the EU, a breach notification regulation for the telecommunications industry will come into effect in 2011.

    In addition, the EU’s review of the Data Protection Directive is expected to result in notification requirements for all EU member countries. Some EU countries are adding their own breach notification provisions. In the UK, for example, regulators are working on a law that will force organizations to publicly acknowledge any data breaches to regulators and to inform those affected.

  • Asia
    In Asia, Japan is leading the way with breach notification requirements that have been in place for several years. Much like in the US, such breaches can lead to a significant number of direct and indirect expenses for organizations operating there.

As WikiLeaks shows, the “insider threat” is very real

Breach notification cannot be discussed without raising the concern of the “insider threat.” Individuals who are authorized to access and use information are increasingly found at the center of high-profile incidents.

Such misuse of information may be due either to lack of awareness or to malicious intent.

Training and awareness are key to addressing the unintended disclosure of information. Technical controls, such as tools for monitoring information traffic, can be of great help when addressing more malicious cases.

Data loss prevention tools offer help in monitoring information traffic

Data loss prevention (DLP) tools can also help by monitoring unintentional or intentional data leaks from within the organization.

In 2011, we will continue to see the popularity of these tools increase as organizations look for a technical control to limit their breach exposure. However, it takes more than the purchase of a DLP tool to achieve effective monitoring of personal information to prevent loss.

Adopting these tools requires appropriate consideration of the policy that will guide the extent of the tool’s implementation (e.g., to stop a possible leak or just report it for a later investigation) as well as cross-functional leadership support and the necessary staffing to implement it.


Three ways to stay on top of breach notification
  1. Develop and implement an incident response plan for handling breaches of personal information.
  2. Identify the relevant breach notification requirements in your industry and jurisdiction(s) of operation.
  3. Look into the adoption of a DLP tool or using DLP services to monitor your organization’s network for possible loss of personal information.

