SAFEGUARDING PERSONAL INFORMATION CALLS FOR A MORE COMPREHENSIVE APPROACH BY FINANCIAL SERVICES INSTITUTIONS

Needham, MA - 8 August 2007

New research from TowerGroup finds that businesses are not doing nearly enough to prevent the loss or theft of customers' personal information. The pace of data loss is quickening across many industries, including financial services, because businesses commonly maintain customer databases that contain personally identifiable information (PII) but do not have clear data-protection policies or technologies in place.

Since the end of 2006, the total of lost records reported has increased 50%. TowerGroup expects the rising loss rate to provoke louder demands from both the public and government for businesses to strengthen data protection and become more financially and legally liable for security breaches.

For years, financial services institutions have been collecting customer and prospect data on purchases, balances, transactions, service interactions, click streams, and marketing responses. Conventional wisdom equated data with knowledge. But the practice of collecting data in an unchecked fashion is leading to more problems than solutions. While the success of multifactor authentication for online account log-ins has reduced the effectiveness of phishing and malware schemes, criminals continue to develop new techniques for committing financial fraud.

Solving the issue of data loss is complex. However, by combining new technologies with basic security practices, companies can dramatically reduce or even eliminate most data loss. In a new research report, TowerGroup outlines the essential elements for more effective data loss prevention programs:

• Policy formulation, dissemination, and enforcement
• Data discovery
• Risk assessment
• Data consolidation
• Access control
• Communication monitoring
• Encryption

The new report titled “Safeguarding Personally Identifiable Information: Always Use Protection!” by George Tubin, research director of TowerGroup’s Delivery Channels and Financial Information Security practices, provides an overview of standard information security methods and emerging technologies that organizations should use to prevent data loss.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development