When it comes to protection, Kroll is at the top of the list. Kroll is recognized as the leader in forensic accounting worldwide, so it’s easy to see why the data security world pays attention to its press releases. In fact, some of this article is taken directly from a press release for Kroll’s Data Security Forecast for 2011. Their COO, Brian Lapidus, addressed the release with businesses in mind, but there will be a lot of impact in our daily lives as well.
Small Breaches Make Big News
Lapidus predicts that since healthcare organizations are now required to report breaches affecting 500 people or more, smaller data breaches will be reported more frequently. He went on to say that the larger breaches like T. J. Maxx will probably still occur, but there may be enough small breaches to match the number of victims affected. In other words, 2011 could see twice as many victims.
Because of the Obama administration’s socialized medical programs, health information exchange companies are popping up all over the place. They will become very common for a few years, then a few leaders will emerge. These companies may be started by people who know the healthcare industry, but they can just as easily be started by someone who does not. In fact, a good number of them may be started by people who would like to cash in on an emergent market but may have little or no experience running a business. Instead of being concerned with protecting client data, some of these companies may be solely focused on making a quick buck. This is a common trend, as the world witnessed during the dot-com explosion, and more recently with identity theft protection programs, most of which have already gone out of business, while others have had to endure lawsuits and Federal investigations.
According to the press release, Lapidus feels that companies will keep less data on their clients to reduce their liabilities. (That makes a lot of sense: if you have never taken my Social Security number, you aren’t responsible for it, right?) The release goes on to say he expects the concept of data encryption to be the new buzzword, but warns “…compliance doesn’t equal data security and encryption doesn’t equal a total solution – it is only one tool in the data security arsenal.” Companies will also put more emphasis on privacy training for employees, and Lapidus specifically mentioned social networking as an area that he expected to be addressed. Expect to hear much more about it in the coming year.
And, like most privacy advocates, Lapidus anticipates the passage of a data breach notification law, DATA being a likely candidate.
One prediction he made in the release was that “Low-tech” theft will increase. “Data thieves look for the path of least resistance, focusing on areas of least attention to the organization. Because most organizations are focused on improving technology and moving from paper to electronic records, we can expect to see more low-tech data theft on the horizon – such as the bank teller convicted of identity theft for writing down customer information on sticky notes and using it to open credit accounts.”
On the other hand, “…lost devices will dominate the data theft landscape. As consumers, we are heavily dependent upon our portable devices – smartphones, netbooks and laptops… stolen or missing devices continue to be a major source of data breaches. In fact, the US Department of Health and Human Services breach list indicates that 24 percent of reported breaches were due to laptop theft -- more than any other specific cause.”