Editor's Letter: Safeguarding against Leaks

 

DeAnne Toto

 

The Privacy Rights Clearinghouse, San Diego, reported in mid-December that more than 543 million records had been breached in the United States since 2005. As of mid-December the organization had tracked 535 breaches affecting 30.4 million records in 2011. Since then, the Online Trust Alliance (OTA), Bellevue, Wash., has reported that more than 125 million people were affected by data loss incidents in the last year.

The incidents, according to the OTA, cost U.S. businesses more than $6.5 billion. The average cost incurred by each business was $7.2 million, or $318 per compromised record, an increase of more than $100 since 2009. The group estimates that more than 50 percent of these breaches were the result of server exploits and consumed more than 600 man-hours to remedy.

The OTA 2012 Data Protection & Breach Readiness Guide (available at https://otalliance.org/resources/incident/2012DataBreachGuide.pdf) was developed to help businesses create a data incident plan to turn to after a security breach. The guide provides a sample data loss plan outline and information on computer forensics, encryption, data minimization and data destruction.

John Roberson, executive director, Small Business Development Resource Center, Chicagoland Chamber of Commerce, says, “The OTA guide gives key insights into questions that companies need to ask themselves to protect their customers and delivers information for any business developing, implementing or updating their privacy policies and notices.”

The OTA guide could be a useful resource for records and information management (RIM) companies to share with their clients in an effort to lessen the risk both organizations face in the case of a data breach, particularly when it involves personal information governed by the Health Insurance Portability and Accountability Act (HIPAA).

Another tool that could help RIM companies and their clients is the subject of our cover story, “Liability Issues,” on p. 24. Downstream Data Coverage is liability insurance for companies certified to the National Association for Information Destruction (NAID) standard. According to NAID CEO Bob Johnson, Downstream Data Coverage offers a level of protection previously unknown to the industry.

RIM professionals, particularly those with clients in the health care industry, may want to take all available precautions in light of the legal obligations for entities operating as “business associates” under the HIPAA Privacy and Security Rules.
