The Rottweilers of Data Security
The State of Nevada has now put into effect the nation’s first data encryption law, which prohibits businesses from electronically transferring customers’ personal data outside their organization unless it is encrypted.
This brought to mind a conversation I had recently with one of our enterprise customers in the financial services industry. He was describing their deployment of our managed file transfer technology throughout their corporate systems and in the main data centers. He referred to his data security staff as being “like the Rottweilers of the world” in their insistence that everything – even data moving between internal systems – must be encrypted.
This also made me think of some of the major data breaches that have happened. There was the theft of millions of customers’ credit card information from TJX. TJX, which is the parent company of retailers like T.J. Maxx, Marshalls, and HomeGoods, had to absorb a $118 million charge related to this massive security breach. TJX is probably lucky though – in that they seemed to have somehow weathered the storm. Major credit card processor, Card Systems Solutions, was not so lucky and was forced out of business when their systems, and detailed information on 40 million debit and credit-card accounts, were compromised. Visa and Amex stated that they would no longer do business with the company.
I think it’s only a matter of time before we see more States following the lead of the State of Nevada. This kind of legislation could easily take off and spread across federal, state, and local government lines. It’s logical, also, that organizations in the commercial sector might follow – almost as a self-policing move – even going one step further in encrypting data moving inside and outside their four walls.
- John
About:
John Lynch is Director of Marketing Communications at Proginet Corporation. In this role he oversees the company’s corporate communications initiatives, including press and analyst relations.
Filed under: 1 | 3 Comments
Tags: card, credit card, data, electronic data, encryption, enterprise, financial
The wait is over. With the government giving away almost a trillion dollars in aid, there is going to be the need for governance and oversight. So its not just about encrypting the information, its about being able to rapidly produce evidence that you in fact followed the letter of the law. And by the way the governing authorities will expect to see the reports almost in real time… ask your MFT vendor if they will supply you the templates, blueprints and dashboards necessary to pull this off…
Frank Kenney
I agree Frank – it’s going to be a case of “who, what, when and where.” Complete encryption of the data AND complete visibility of the entire process. As opposed to what quite a few organizations have today – data sent in the clear (no encryption) and a lack of visibility over the process (no centralized auditing or tracking).
Regards,
– John
Massachusetts is another State taking this matter very seriously with the new regulations (deadline pending)…
201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth
This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. This will apply equally to data in motion and at rest. It will surely take off beyond these initial U.S. States – as Frank states above “there is going to be the need for governance and oversight.”
- John