Lost Confidential Information: What the Organization Should Do and Why


Laptop thefts from all types of organizations create the potential for unauthorized disclosure of personal records. While organizations take steps to protect confidential data, few have linked their security and risk reduction programs to IT asset management. The IT asset management program provides the fundamental information of where the sensitive data is in the organization and has the power to enforce the IT policies that reduce the risk of serious breaches.

In the last 18 months, over 40 instances of stolen laptops containing sensitive information have featured prominently in the news. These thefts create the potential for unauthorized disclosure of personal records for over twenty-eight million individuals. The organization’s efforts to lock down the workplace may have slowed thefts of desktops and removable media, but laptop thefts typically occur outside of the workplace. For IT asset management professionals, the questions are: “What is the organization’s responsibility to ensure that sensitive data is not put at risk, and how can I implement business practices to meet these expectations?”

The organization is indeed responsible for protecting sensitive data. According to Lawrence Husick, a noted Intellectual Property Attorney with the firm of Lipton, Weinberger & Husick, and faculty member at the University of Pennsylvania and the Johns Hopkins University, “The proprietor of the information has a legal obligation to maintain the security of information relating to its employees and those individuals with whom it does business. Beyond the stringent requirements of laws such as HIPAA, Gramm-Leach-Bliley and the California Security Breach Information Act, organizations need to take every reasonable precaution in safeguarding confidential information. This obligation also applies to third party accounting organizations, consultants, and law firms, in whom the proprietor places a special trust.” Husick added further that “allowing confidential information to leave the office without extra measures such as automatic encryption may result in legal liability if the information is lost or compromised.”

So, what actions can the organization take to reduce the risk?

Step One: Know where the sensitive data is kept

According to Ed Cartier, Senior VP of Eracent, which specializes in IT asset and information management solutions, “It is not difficult to scan all of the devices, even in a very large organization, and get a report of specific file types or file names on specified device types.” What about the elusive laptop? Cartier responded, “Using Eracent’s technology, a member of the IT staff could easily obtain a list of all laptops containing the file types or file names that have sensitive information.” An automated network discovery and inventory system enables the organization to monitor what applications and information reside on specific computers or types of computers.

Step Two: Build business practices based on enforced policies

Policies are the rules organizations use to set a standard of behavior for their employees. These policies can greatly reduce risks of sensitive data loss. “Policy may forbid some devices to be removed from the premises, which can be enforced through vigilant and consistent discovery,” explained Cartier. Laptops are acquired to meet the needs of the mobile employee, so restricting the movement of the laptop is impractical. Unfortunately, that movement makes laptops an easy target for petty theft. In order to protect the sensitive data on those laptops, Cartier recommends that “the policy should require the personnel using the devices with sensitive data to encrypt the data. We enforce that encryption and the enforcement of all the policies by supporting the entire lifecycle of the device, ensuring that encryption continues even through the disposal process.”

IT asset management has an essential role in helping an organization secure its sensitive data. Cartier remarked, “Eracent has taken a lead role in alerting the marketplace of the critical role that IT asset management has in a comprehensive data security program. Our customers have come to rely on the information provided by our solutions to augment their IT security programs and policies.”

Readers seeking more about IT asset management and data security should go to http://www.eracent.com and register for the Eracent Information Center for access to white papers, industry articles and other valuable resources for the IT Asset Manager.

About Eracent

Eracent, Inc. is a global provider of IT asset management solutions for organizations that require accuracy and accountability for their asset inventory while maximizing their IT investment. Eracent offers a full suite of IT asset management solutions that solve tactical and strategic business goals with technology that is easy to use and designed for today’s complex multi-platform environments. Eracent’s ease of implementation includes compatibility with most popular enterprise software applications, and it has been used to enhance the value of such widely used solutions as Microsoft® SMS™ (MSFT), IBM® Tivoli™ (IBM) and Altiris® Software Delivery Solution™ (ATRS). To learn more about Eracent, visit http://www.eracent.com.

All product names are the trademarks or registered trademarks of their respective owners.

###


Contact Author

Jenny Schuchert