Information security analytics

Another senior member of the U.S. Securities Exchange Commission has voiced his opposition to small and microcap companies getting exemptions from a number of SOX provisions. The chief accountant at the SEC said that size should not play a role in investor protection. Meanwhile, experts at the InfoWatch analytical center stress that companies should stop waiting for changes to SOX and start taking advantage of the act to manage their regulatory and legal risks.

A series of high-profile data leaks last year in the U.S. sparked a flurry of activity in Congress and it seemed as if a much-needed national law would be passed at any moment, or at least in early 2006. However, recent events raise doubts as to whether the problem will be regulated by the end of this year. According to expert opinion at InfoWatch, business circles are intentionally delaying the adoption of a law on data leaks so that they don’t have to pay fines for their carelessness.

India's commercial banks have until March 31, 2007 to meet the provisions of the Basel II Accord. The head of the country’s main regulatory body has said, however, that with time the standard act will affect companies working in insurance and securities. According to the InfoWatch analytical centre, that will improve the competitiveness of the entire financial sector in India, as well as serving as a guide to each individual company.

Iron Mountain has once again lost back-up tapes containing client information. This time Long Island Rail Road employees have been affected. In a similar incident last July the company lost tapes with financial records belonging to several U.S. banks and in March 2005 it lost the private data of 600,000 Time Warner workers. According to InfoWatch experts, it is high time the company thought of compulsory encryption for all the data on its back-up tapes.

A recent experiment revealed that 81% of Londoners were willing to part with enough of their private details to facilitate identity theft for the chance of winning a modest prize. According to InfoWatch experts, the carelessness and trust displayed by those questioned would provide an organized crime gang with a healthy supply of private data to exploit or sell.

Compact disks with the private data of all the registered voters in the state of Ohio have been distributed to political campaign operations gearing up for spring primary election races. The incident has been put down to human error after a clerk apparently failed to check exactly what information was on the disks. According to experts at InfoWatch, however, there is no excuse for organizations not managing risks such as human error and confidential data leaks.

A laptop computer containing the financial and medical records of 38,000 Aetna clients has been reported stolen, but the company believes there is no real cause for worry because the laptop was password protected. In a press release Aetna’s CEO stated that the company has an effective IT security policy, though internal sources say that no one has ever heard of it. Experts at InfoWatch have suggested that talk of a security policy could be an attempt by the Aetna management to mitigate the effects of the data leak.

Statistics from the UK’s Department of Trade and Industry show that 33% of companies have banned the use of portable storage devices but do almost nothing to enforce those rules in the workplace. It means that insiders can easily remove corporate secrets to USB drives, smartphones and iPods. However, experts at InfoWatch stress that business should, and could, be doing more because products to address the problem already exist.

Honolulu police have discovered confidential information on 43,000 residents of Hawaii on a computer seized during a drugs investigation. Members of some of Hawaii’s public employee unions, among those facing the threat of identity theft, have accused the state of not protecting their personal data sufficiently. Experts at InfoWatch point out that the incident is a typical data leak that has led to serious political and legal repercussions.

U.S. Senate Bill SB 1338 could shortly force companies working in the state of Arizona to inform consumers if their private data is compromised. However, according to the law, the final decision – to inform, or not to inform — will be taken by the company involved. Experts at InfoWatch believe the U.S. is crying out for a federal law on data leaks and if legislators in Washington continue to drag their heels, every state will end up adopting their own local laws.