CNET también está disponible en español.

Ir a español

Don't show this again


Confidential data really is at risk

Attorney Eric J. Sinrod says new survey confirms troubling anecdotal evidence about securing confidential data.

We have long heard about how confidential data can be at risk. Now, a new U.S. survey by the Ponemon Institute drives home the point with hard data. An astonishing 81 percent of companies and governmental entities report having lost or misplaced one or more laptops containing confidential business information within the last 12 months.

The survey, sponsored by data-protection specialist Vontu and aptly titled "Confidential Data at Risk," concludes that a main reason for corporate data security breaches is that many companies simply don't know where their sensitive or confidential business information resides. The survey goes on to summarize that "this lack of knowledge coupled with insufficient controls over data stores" poses "a serious threat to both business and governmental organizations."

The survey queried 484 information technology departments within U.S.-based corporate and governmental organizations. The answers to the survey questions paint a fairly bleak current picture. Only 10 percent of the respondents say their laptops had not been stolen. (Another 9 percent did not know.)

The corporate and governmental respondents generally agreed that electronic storage devices contain sensitive or confidential information that is unprotected, with 60 percent stating this to be the case for PDAs and other mobile devices, 59 percent for laptops, 53 percent for USB flash drives, 36 percent for desktops, and 35 percent for shared-file servers.

What's disturbing is that when asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server or mobile device, the most common answer was "never."

Unfortunately, it turns out this is not entirely surprising, given that 64 percent of respondents concede that their companies never have conducted a data inventory to determine the location of customer or employee information contained in various data stores.

Along these lines, 49 percent of respondents admit that business-related confidential information never has been inventoried as part of usual information technology control processes, and 48 percent state the same with respect to organizational intellectual property.

Wake up, America--this is unacceptable.

All prudent steps must be taken to account for and protect confidential data. The failure to take such steps can compromise the privacy of innocent employees and customers. What's more, it can jeopardize valued business relationships and lead to an organization's crown jewels--its intellectual property--walking out the door. Above all, there's the danger of legal liability.

Let's hope the next time such a survey is conducted, the results will be much improved. But it will take the dedicated efforts of U.S. companies and governmental organizations.