- Home
- Current Edition
- Author Guidelines
- Artwork Submittal
- Ad Specifications
- Media Kit
- Ad Pricing
- Insertion Order
- Article Reprints
- Editorial Calendar
- Industry Events
- Reader Feedback
- Contact Us
Download the
July/August 2008
Edition
Download the
May/June 2008
Edition
Download the
Mar/Apr 2008
Edition
The Risks of Inadvertent Data Disclosure
by Robert Gallagher, Gallagher Associates Consulting
Reverse Logistics Magazine, May/June 2007
In today’s digital world data security is becoming more important for everyone. Corporations have spent tens of millions of dollars on front-end data security of their IT assets and infrastructure. However, in many cases they have all but overlooked what are today’s biggest threat and easiest method of inadvertent and fraudulent data loss and ID theft of confidential information -- recovery of data from decommissioned and discarded computer and storage media.
When you consider both business and consumers, the estimated pieces of computer equipment being scrapped over the next five years is estimated to be one billion.
It is imperative that sensitive and confidential data be properly and securely destroyed before electronic storage devices are discarded or reassigned.
As consumers continue to amass large amounts of digital content, they require enhanced storage capacity on their consumer electronic products. A recent report by In-Stat stated that total worldwide shipments of hard drives will increase dramatically over the next five years, growing from approximately 304 million in year 2004 to 500 to 600 million in year 2009.
Data Capacity
Let’s look at an 80-gigabyte hard drive.
What fits inside?
You Choose:
- A stack of documents 11,100 feet high
- 8,000 digital photos
- 20,000 downloaded songs
New Laws and Acts Governing Data
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley-Act (SOX)
- Gramm-Leach-Bliley Acts
- National Industrial Security Program (NISP)
- Patriot Act
- Identity Theft and Assumption Deterrence Act
- The Fair Credit and Accurate Transaction Act (FACTA)
- Family Educational Rights and Privacy Act (FERPA)
- Securities and Exchange (SEC)
- Canada’s Personal Information Protection and Electronics Documents Act (PIPEDA)
- Federal Information Security Act (FISMA)
- Children’s Online Privacy Protection Act (COPPA)
- Federal Trade Commission Act
- Federal Data Protection Act
- Basal 11
- Other emerging Federal, State and Local regulations and laws
Currently there are nearly 30 state laws on data protection offering varying degrees of security and enforcement.
Liability Issues
Non-compliance of these laws and regulations may lead to sanctions, fines, imprisonment and civil law suits. The real cost to companies may be far greater than any fines and civil lawsuit.
The Federal Trade Commission (FTC) has reported that companies and financial institutions had losses totaling $48 billion. Consumer losses were $4 billion in out-of-pocket expenses
Corporate Responsibility and Social Accountability
Companies need to develop compliance policies, processes, and chain-of-custody practices in an effort to perform due diligence in their responsibility to protect the “Intellectual, and personal Property Rights” of their employees and customers.
The first, fourth and fourteenth amendment of the United States Constitution gives us the fundamental right of privacy. As such there is a legal responsibility by company executives and IT managers to protect personal information, (financial, medical and personal).
Failure to protect and destroy sensitive and confidential data can have catastrophic consequences to a company on numerous levels, financial loss, irreparable damage to a company’s reputation and brand, as well as civil and criminal liability for directors, officers and IT managers.
Can you afford the exposure created by the inadvertent loss of data resulting in fraudulent use of secretive, sensitive and personal data?
Robert Gallagher is President of Gallagher Associates Consulting which specializes in global reverse logistics for the consumer electronics and computer markets. Gallagher Associates provides business strategy, organizational transformation, tactical and strategic direction for both national and global business development. Robert is actively involved in many professional industry associations and regularly speaks on subjects such as Sarbanes Oxley, HIPAA and other laws pertaining to data security and destruction with respect to end-of-life electronic assets.
