You need to encrypt your e-mail

* Encryption, coupled with data loss prevention systems will be key to protecting against data breaches

On Oct. 1, a new Nevada law went into effect that requires organizations operating in the state to encrypt personal information sent outside of the organization. A similar, but more restrictive, law will go into effect on Jan. 1, 2009 in Massachusetts. What this means is that if you operate a business in either state, you will have to encrypt certain types of sensitive information if you send it past your corporate firewall or else face legal consequences.

These laws are the logical extension of California’s SB1386, a law that requires organizations possessing personal information on California residents to disclose to those residents if their data has been breached. Forty-three additional states have enacted laws similar in scope to SB1386 since the passage of that law and the remaining six are likely to do so in the near future.

What these data breach laws mean, coupled with the Nevada and Massachusetts encryption requirements, is that businesses must take data breaches and data protection more seriously than has ever been the case. (Compare Data Leak Protection products)

Most data breaches are inadvertent, such as the Pfizer employee who installed file-sharing software on her company-supplied laptop last year and exposed the records of more than 15,000 fellow employees. Inadvertent or not, the cost of data breaches can be significant in a number of ways: customers or employees whose data is released must be notified, sometime credit reports must be supplied to individuals whose data has been compromised, the reputation of the offending company suffers, revenue may be lost from customers who opt not to do business with a company whose data has been released, and so forth.

Unified communications will make the problem more serious given that data stores will contain more and varied types of information. For example, a compromised unified communication store could release not only e-mails, but also instant messaging conversations, voicemails, faxes and other content. Encryption, coupled with data loss prevention systems will be key to preventing these problems from occurring.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022