Responding to the Inevitable Data Breach
Source: CSO Online - Posted by Pax Dickinson   
"Experience makes it apparent that attempts to prevent data loss will ultimately fail," wrote Drew Robb in the September 19, 2005 issue of Computerworld magazine. The issue is not whether a business will experience a data breach triggering statutory disclosure obligations and subjecting it to public shame. Rather, the issue is how that business will respond when the inevitable happens. A statutorily-mandated breach disclosure will, for most companies, create a near-term public relations crisis. Fortunately for those who were not among the first to disclose data breaches under SB-1386, the experiences of those who were have created a template for how to respond. There are several key points to remember.

First, companies can take preventative action. Many companies within the last few years have created a chief privacy officer or similar position, even when data collection is not their core business. All substantial businesses should consider creating such a position, or at least tapping an existing corporate officer with the duties of such a position and including this position in her title. The very act of creating the position evidences heightened concern for data security and privacy. It also serves two practical ends. It sends a clear message to customers, as well as potential data thieves, that the company’s eye is on the data-security ball. If it is the job of no one in particular to keep an eye on that ball, it is more likely to hit the ground at some point. Having someone in charge who focuses on privacy and data security will certainly help avoid some problems that might otherwise arise. Also, ordaining a chief privacy officer may help address post-breach claims that a company cavalierly ignored the importance of privacy and data security. As with many other issues that create potential liability, it is important to have policies in place and be able to point to tangible actions taken to help minimize harm. The very existence of a chief privacy officer who manages policies aimed at preventing a breach may provide good defenses to claims asserted in the aftermath of a breach, either by the media or by lawyers.

Read this full article at CSO Online
