Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

When A Company Folds, Who Guards Your Data's Privacy?

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO.
Page:

From HIPPA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds-and more are folding every week given the economy-what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan?

"Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they've gone out of business and left those offices," says Jacqueline Klosek, a senior counsel in Goodwin Procter's Business Law Department and a member of its Intellectual Property Group.

"In addition, company computers, often containing personal data, will find their ways to the auction block," she adds. "All too often, the discarded documents and computer files will sensitive data, such as credit card numbers, social security numbers and driver's licenses numbers. This is the just the kind of data that can be used to commit identity theft."

Discarded and unguarded data is now low-hanging fruit for criminal harvesters and corporate spies. "Recent client activity supports that competitors are beginning to buy up such auction devices specifically with the intention of trying to salvage the data," says James DeLuccia, author of IT Compliance & Controls. "Hard drives are being removed and sold online, or whole servers are sold via Craigslist and Ebay."

In some cases, the courts insist data be sold during a bankruptcy. "Company servers, once I restore them to operation, are handed over to the bankruptcy trustee's representative," says Bill Horne, a consultant at William Warren Consulting, a computer and network installations, security and service company. "The data they contain is considered to be a corporate asset and it is conveyed to the new owners in every situation I've seen."

Horne says his business is booming as more companies fail and more buyers await the goods.

Even companies still in business but looking to discard excess hardware abandoned by laid-off workers are exposing customer data to hordes of thieves. "Outdated or unused desktop machines, which might contain all kinds of sensitive data, are either sold to recycling firms or to the general public, with no attention to data security," says Horne.

Most recyclers expect PCs to arrive with software intact, says Horne, because it raises their resale value. Few computer service firms bother to tell their customers about the danger of letting old machines go out the door without first erasing their disks, he says.

"When I accept machines from my customers, either for resale or recycling, they know I will 'flatten' the machines before passing them on," he says. "Unfortunately, I'm the exception rather than the rule."

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Aladdin, Aladdin Knowledge Systems, Bill, Burton Group, etwork, FTC, Goodwin Procter
References show all

Comments

1

Kazelsdu

Sun 08/03/2009 - 02:43

Aboutrqhmx

Hi!ghdp! http://bqnwsmet.com juohh iuvyz http://qxplzkis.com xhnrp qdtpn http://wwwvtjeq.com fxmhv ehbec http://vsehksah.com bcmly wiump http://zitosbfb.com nrhde rtgav

2

Kazelgtw

Sun 08/03/2009 - 02:44

Aboutvzdiz

[URL=http://edlhekon.com]ioxle yqqvs[/URL] [URL=http://jtfqbulo.com]vszjx tagjc[/URL] [URL=http://qdpwtkle.com]mcslo aszxk[/URL] [URL=http://twfcljke.com]esuoa ralba[/URL] [URL=http://xhscghni.com]cxfoo aygfe[/URL]

3

Kazelvoa

Sun 08/03/2009 - 02:46

Aboutqoxuj

Hi! http://mnemxsuz.com tjqge tpere http://xmrdzeei.com vhama ewgpk http://enygskom.com ihten fwobj http://roemfvsa.com rmkti rqcic http://snypdchk.com xykue whepn

4

Kazelzge

Sun 08/03/2009 - 02:47

Aboutijtdj

Hi! http://ilgsfbma.com mozyf pwxej http://hthxfxlb.com hvjhk abufp http://dtidhgrp.com zjhop aczqx http://nwvbzqgd.com cvcdx soaox http://mbvhovzd.com iekfg komai

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: CIO role, data breach, data security
Latest Blog Posts
Whitepapers
  • Oracle Business Process Analysis Suite
    Careful analysis and continuous optimization of business processes delivers real competitive advantage. Conversely, a random approach to process design negatively impacts a company’s bottom line. This insight is one reason successful companies adopt business process management (BPM) as a way of aligning their business processes with business and customer requirements. Success with BPM eliminates the gap between business strategy and implementation. Business users are empowered to participate in all stages of the business process lifecycle. Closed-loop integration between modeling, execution, and monitoring enables continuous and holistic business process improvement.
    Learn more »
  • Lower Your IT Costs When You Standardize on Oracle Database 11g
    As business operations become more complex, the demand for change in IT increases, along with the associated risks that must be mitigated. Today’s IT professionals are asked to manage more information and deliver it to their users in a timely manner with ever-increasing quality of service. And in today’s economic climate, IT must also reduce budgets and derive greater value out of existing investments.
    Learn more »
  • New Mobility Requires a New Network Strategy
    Computing has gone through several major transitions through the ages, each of which raised the value of the network and dramatically lowered the cost of computing. In the years after its birth in the mainframe era, the computing industry shifted to client/server and then Internet computing. Today, we are beginning yet another major computing revolution: the shift to mobile computing. This revolution already allows us to carry mini computers, called “smartphones,” in our pockets. This shift will drive down the cost of computing even further and drive up the value of the network, forever changing its role in organisations. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments