2016 Breach Prevention: Time to Purge Data
Collecting Less Data Minimizes Security Risks, Breach Fallout
Will 2016 be the year that more organizations finally begin taking significant steps to safeguard stored data and thus minimize the potential damage from data breaches?
"There's going to be a lot of collective head scratching over what we do about it," DataBreachToday Executive Editor Mathew J. Schwartz suggests in an audio blog that assesses 2016 data breach trends.
But one vital next step, Schwartz points out, is for organizations to minimize the amount of personally identifiable information that they store.
Revised European data privacy rules, for example, will soon require businesses - upon receiving requests from former customers - to remove their personal information from corporate servers (see EU Agrees on Data Protection Rule Reboot). Schwartz points out that if PII purging had been in place at the online dating service Ashley Madison, which was the victim of a massive breach in 2015, personal details for millions of current and former customers would not have been exposed.
Purging PII is good for business, too, Schwartz says. "There is an upside for them if they can nail the security and privacy question and even if they do get breached, not lose data that is spilling personal details and personally identifiable information about so many individuals."
In this audio blog, Schwartz also predicts that breaches in 2016 will continue to highlight how embarrassing and inadequate security controls are continuing to fail to prevent breaches or minimize their impact.