Last April, McAfee and Datamonitor released a report called “Datagate: The Next Inevitable Corporate Disaster?” The report held some disturbing statistics about data breaches:
* More than 60% of corporate respondents have experienced “data leakage” within the last year, and a third believe it could put their company out of business.
* The average annual cost of data leakage was $1.82 million.
* Intellectual property and financial information are the two most valuable classes of data.
* On average, a data breach that exposes personal information costs over a quarter million dollars - even if the lost data is never used. And it will cost hundreds of thousands of dollars more to service those same customers with follow-up programs and call/support centers.
* A data breach costs companies millions of dollars in lost brand equity and government fines and penalties.
Data loss can happen to any organization, and statistics like these are driving many companies and government agencies to seek out encryption capabilities for data storage devices. For IT managers and compliance officers, full disk encryption for laptops and desktop computers is becoming increasingly popular as a security measure.
If the ominous statistics aren’t enough to motivate organizations to encrypt their data, laws such as the California Information Practice Act, known as SB 1386, are forcing the issue. This ground-breaking 2003 law requires an agency, person or business that conducts business in California and owns or licenses computerized “personal information” to disclose any breach – or suspected breach – of security to any resident whose unencrypted data is believed to have been disclosed. Because the law specifies that notification only pertains to the exposure of unencrypted data, many organizations are turning to full disk encryption as a sort of “get out of jail free card.”
I turned to Sean Steele, one of the principal security consultants at infoLock Technologies, to get his practitioner’s advice about deploying full disk encryption within a large organization. Sean says this is a very hot issue with most of his clients. Before he recommends a solution to a client, they go through a litany of questions to determine what would work best for that organization. We’ll discuss some of those questions and considerations in this and next week’s newsletter.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.
Comments (3)
Attacking vs. subterfuge
By meatpieandtatters on July 23, 2007, 7:14 pm
Dude, what attack? There was no attack on the writer whatsoever. You implying so is a flaccid attempt to avoid the scrutiny. Again, consultant's providing "expert...
A reply to "meatpieandtatters" posting
By Sean Steele on July 23, 2007, 5:34 pm
This is Sean Steele, and first I wanted to thank Linda Musthaler for her reporting on this subject. It's a topic area much on the minds of technology executives...
RE: Full disk encryption: A practitioner's advice
By meatpieandtatters on July 23, 2007, 4:41 pm
I'm very dubious of any so-called or self-proclaimed security expert's recommendations, especially in this story's case. Re: Full disk encryption: A practitioner's...