We have long heard about how confidential data can be at risk. Now, a new U.S. survey by the Ponemon Institute drives home the point with hard data.
An astonishing 81 percent of companies and governmental entities report having lost or misplaced one or more laptops containing confidential business information within the last 12 months.
The survey, sponsored by data-protection specialist Vontu and aptly titled "Confidential Data at Risk," concludes that a main reason for corporate data security breaches is that many companies simply don't know where their sensitive or confidential business information resides. The survey goes on to summarize that "this lack of knowledge coupled with insufficient controls over data stores" poses "a serious threat to both business and governmental organizations."
The survey queried 484 information technology departments within U.S.-based corporate and governmental organizations. The answers to the survey questions paint a fairly bleak current picture. Only 10 percent of the respondents say their laptops had not been stolen. (Another 9 percent did not know.)
The corporate and governmental respondents generally agreed that electronic storage devices contain sensitive or confidential information that is unprotected, with 60 percent stating this to be the case for PDAs and other mobile devices, 59 percent for laptops, 53 percent for USB flash drives, 36 percent for desktops, and 35 percent for shared-file servers.
What's disturbing is that when asked how long it would take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server or mobile device, the most common answer was "never."
Unfortunately, it turns out this is not entirely surprising, given that 64 percent of respondents concede that their companies never have conducted a data inventory to determine the location of customer or employee information contained in various data stores.
Along these lines, 49 percent of respondents admit that business-related confidential information never has been inventoried as part of usual information technology control processes, and 48 percent state the same with respect to organizational intellectual property.
Wake up, America--this is unacceptable.
All prudent steps must be taken to account for and protect confidential data. The failure to take such steps can compromise the privacy of innocent employees and customers. What's more, it can jeopardize valued business relationships and lead to an organization's crown jewels--its intellectual property--walking out the door. Above all, there's the danger of legal liability.
Let's hope the next time such a survey is conducted, the results will be much improved. But it will take the dedicated efforts of U.S. companies and governmental organizations.
Biography
Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.
Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.
Reprinted with permission from CNET News.com.