
EU Legislation Effect on US Data Protection

Varonis Systems : 09 January, 2012  (Technical Article)
Varonis highlights data protection issues for the USA as a result of forthcoming legislation from the European Union
With the European Commission poised to announce sweeping data protection legislation, Varonis, one of the world's top data governance solution providers, is advising US-based companies to take a closer look at putting reliable, robust systems in place for protecting data.

"It's imperative that organizations commit resources to protecting data in anticipation of the new EU laws that will be unveiled in January, even if you're not doing business abroad," said David Gibson, director of strategy for New York-based Varonis.

“We’re already seeing the UK regulator, the ICO, imposing its first major fines on public sector bodies, so it’s clear that regulators are recognizing the increasing value of digital assets, and the need to protect them. And with penalties of five percent of global turnover – rather like serious motoring offenses, the advice has to be to shape up, or face the consequences,” he said.

"These changes to EU data protection legislation are designed to prevent harm to those whose information is housed by organizations and out of their direct control. It's likely we'll see the US following suit in the near future," he said.

With over 23 million records containing personally identifiable information (PII) (source: privacyrights.org) leaked in 2011 alone, it is more important than ever for organizations to have proactive and repeatable processes in place for identifying and protecting critical data. PII laws already exist in the US, including in California, Nevada and Massachusetts.

"Even experienced security professionals may be surprised to learn that the US Sarbanes-Oxley Act draws closely on the original 1985 UK Companies Act. European laws are traditionally broader and deeper, and will influence US legislation. In this way even US companies not doing business abroad are affected by international laws so it's imperative that we pay attention now," Gibson commented.

Gibson went on to say that it is increasingly clear to all organizations that the biggest risk surrounding data does not come from hackers directly compromising customer and employee files, but from overly permissive access, lack of access auditing, lack of context, and lack of automation for the volumes of unstructured data that slosh around company archives.

Research from Forrester and other analyst firms shows that more than three quarters of data in large enterprises is unstructured, is overly accessible, lacks access auditing, and lacks automated analysis of authorizations and use. Gibson acknowledges that auditing this data can be difficult for the IT security staff concerned.

“That doesn’t mean it is impossible. It just means that companies have to invest in the necessary data protection and analytical technologies capable of auditing – down to the last file – who does what, when and where with the firm’s data,” he said.
   © 2012 ProSecurityZone.com