Shield private data from prying eyes
- By Samuel Sinn
0 Comment(s)
Print
E-mail Shanghai Daily, February 4, 2013
While survey results suggest that the majority of companies worldwide encrypt data in transmission, far fewer appear to encrypt data at rest in databases, laptops, file shares and removable and mobile media.
The nature of the crime makes it difficult to prosecute.
The anonymity in committing data and identity theft makes it attractive to thieves because it can be committed miles, even countries, away. All a criminal needs is access to a computer.
Many countries have enacted laws to protect personal data privacy. China is currently making significant progress in protecting personal data.
National standards
In 2012, the Ministry of Industry and Information Technology issued a set of draft national standards called "Information Security Technology - A Guide to Personal Data Protection."
The guideline sets out the requirements in the collection, processing, transmission and disposal of personal information. It is expected to be officially issued in early 2013.
On December 28, the Standing Committee of the National People's Congress passed the decision of draft rules to protect online personal information and is now awaiting top legislative approval. These rules cover the duties and obligations of Internet service providers to protect user data, the consequences for data privacy breaches and the prohibition of email and text message spam. The objective of all these initiatives is to protect the public interest.
The following are the possible actions that companies should consider in order to mitigate data and identity theft risks:
Identify and classify data according to sensitivity and risk. Know where it resides and flows;
Understand the threats that are specific to the company's data and the company itself;
Implement protection capabilities to safeguard the company's sensitive data end-to-end;
Test the company's protection capabilities. Monitor them continually and update them as necessary;
Plan for a controlled and coordinated response to incidents when they occur.
Having the right information-protection strategy can create advantages over competitors and minimize the financial, legal and reputational risks a company faces. More importantly, having confidence in information protection allows the company greater freedom in pushing the envelope of its business.
Go to Forum >>0 Comment(s)