Monday, September 25, 2006

Data breaches are really in the news again. The New York Times recently had an article that indicated that with all the data breaches in the last two years, 93,754,333 private records have been exposed. Banks are not the only ones on this list, but we have our share of this exposure problem.

Last week it was revealed that the Commerce Department has lost 1,137 laptops since 2001. 672 of those were from the Census Bureau.

And on Sept. 20, 2006 the Office of Management and Budget told each agency to prepare now for a data breach. This is preparation, not anticipation. But trying to assemble a plan when you have an event means it is too late. The instructions said that a core management team should plan a response to a breach and include experts from technology, privacy, and law enforcement.

Banks have long had this marching order. Section 501(b) of Gramm-Leach-Bliley established standards for information security in 1999. In 2001 an interagency guidance document updated this requirement (also refer to the Federal Register Vol. 66, No. 22/Thursday, February 1, 2001).

With the increase in news and government preparation, this may be an opportune time for banks to review their InfoSec plan. It is a natural fit with multifactor authentication also on the front burner.
