
Online Trust Alliance Releases 2011 Data Breach Incident Readiness Guide

OTA guide addresses emerging security and privacy threats
Seattle, Washington – January 25, 2011 – The Online Trust Alliance (OTA) today announced the release of the 2011 Data Breach Incident Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses with breach prevention and incident management. In the wake of increasing levels of data breaches, accidental data losses and incidents in which users' privacy is compromised, OTA has expanded its annual report to address the emerging security and privacy threats impacting businesses throughout the world.

With the White House, members of Congress, the Commerce Department and the FTC calling for greater privacy controls and breach notifications, the OTA guide represents a significant self-regulatory effort to enhance data stewardship and consumer trust and, ultimately, the long-term vitality of commerce.

Washington State Attorney General Rob McKenna says: “We live in a digital world where organizations must defend against data breaches and be prepared to quickly mitigate additional harm should personal information be compromised. We encourage businesses and agencies to consider the resources provided by the Online Trust Alliance and other organizations as they develop their own plans to protect sensitive data.”

“In the past 5 years, over 525 million records containing sensitive personal information have been compromised, significantly undermining the foundation of consumer trust,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance. “With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan. Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation.”

According to the OTA’s 2011 Data Breach Incident Readiness Guide, the true test for organizations and businesses should be the ability to answer key questions such as:

1. Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
2. Do you have an incident response team in place ready to respond 24/7?
3. Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
4. Have you completed a privacy and security audit of all data collection activities, including cloud services, mobile devices and outsourced services?
5. Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?
