Privacy needs Active Protection
Ensuring data privacy is the law in many regulated industries, but protecting sensitive data is also good business practice. Leaking confidential customer, financial and employee data can lead to significant financial, legal and reputational losses. While data protection is strongly enforced in production systems, the same rigor is often not applied to non-production test and development systems.

Managing Risk and Privacy
To protect organizations against unauthorized access to sensitive data that can result in regulatory sanctions and impact corporate reputations, IT organizations need to focus on risk avoidance, awareness and mitigation. Using scrambled, encrypted or otherwise masked data in sensitive fields can avoid the risk of compromising personal data. Sensitive personal data is loosely defined as data that can identify an individual; masking names, addresses, phone and social security numbers eliminates the personal nature of the data in test and development environments.

CIOs and senior IT management need to better understand the rules and regulations governing data privacy and implement active security policies that ensure data is secure by masking data wherever possible. When masking is not an option, documentation and a complete auditing system are required to prove compliance.

Regulations are on the Rise
Oracle E-Business Suite has thousands of implementations storing sensitive information for millions of end users and businesses worldwide. These systems are constantly under the scrutiny of auditors looking for potential privacy weaknesses. This new scrutiny is forcing organizations to take personal information security and data privacy more seriously than in the past. Since November 2007, over 100 data breaches have been reported to the U.K. data protection authorities alone. In the EU, the European Data Protection Directive (Directive 95/46/EC) states that Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life. The provision also assigns liability to companies who misuse data and allows any person who has suffered damage as a result of an unlawful data processing operation to receive compensation from the violating party.

The United States is not far behind the EU with privacy legislation of its own. The Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Act (COPPA), and the Fair Right to Financial Privacy Act are just a few of the Federal privacy laws being enacted, and many states are enacting their own state privacy regulations.