Iron Mountain PC Data Protection Review
Nymity's Independent Privacy Solutions Review provides an unbiased assessment of the legal and privacy benefits of Iron Mountain PC Data Protection solutions and how these solutions will help your organization comply with privacy laws and reduce your exposure to a data breach.
Privacy Compliance: PC Data Protection
Privacy laws in Canada require organizations to:
- Create information handling policies and procedures for the collection, use, retention and disclosure of personal information. Requirements include personal information security policies and procedures. Organizations are also required to be accountable for the implementation of these policies and procedures so that they become corporate practices. During a complaint investigation or an audit, an organization would be called upon to demonstrate how its privacy policies and procedures have been successfully implemented. An investigation would likely result after a breach, and investigations in the past have determined that policies are not effective if they are not monitored.
- Implement adequate technical safeguards to protect personal information. A recent Order by the Ontario Privacy Commissioner stated that organizations that remove personal health information from the organization must encrypt that information. An Order from the Alberta Privacy Commissioner stated that if an organization had sensitive information on its laptops, it should use data encryption tools to protect the information. The British Columbia Privacy Commissioner stated that an organization must implement safeguards based on the relevance of the sensitivity of the personal information at stake, the foreseeability of a privacy breach and the resulting harm, the relevance of generally accepted or common practices in a particular sector or kinds of activity, the medium and format of the record containing the personal information, the prospect of criminal activity or other intentional wrongdoing and the cost of security measures. These factors often lead organizations to data encryption.
- Keep personal information accurate and retain the information for a reasonable period of time. For example, in British Columbia organizations, subject to the Personal Information Protection Act, must retain personal information for a minimum of one year after that information has been used to make a decision about the individual. If that information is lost or compromised, the organization could be found non-compliant unless the data can be recovered accurately.
Often violations of privacy laws result from a data breach of personal information. It is a major compliance risk for organizations.
Privacy Review: Iron Mountain's PC Data Protection
Iron Mountain PC Data Protection Suite automates corporate security policies and procedures, thus eliminating reliance on users to follow corporate practices. It gives the organization central control of personal data that resides on computers, whether or not the computer is in the corporate office. It eliminates data breaches if a computer is lost or stolen, as the data is encrypted. The program assures the organization that encryption is running, as it can be centrally monitored. The encryption is controlled by the organization, and the user cannot select which files are to be encrypted or turn off encryption. It self-assesses against corporate policies.
The PC Data Protection Suite goes beyond encryption, as it allows companies to control data even after the computer is lost, password integrity has been breached, an individual is let go, the device is stolen or the encrypted data is transferred to a removable drive. When a security policy is breached, the PC Data Protection Suite deletes the encrypted data following DoD 5220.22-M standards as specified in the National Industrial Security Program Operating Manual. For example, personal information can automatically be deleted after a failed login attempt or a lack of contact with the network. Also, the organization can delete information from a central control anytime the computer is connected to a network or when it first comes in contact with the Internet.
The PC Data Protection Suite also goes beyond deletion of information: it gives the organization the ability to restore the information. This is important for maintaining compliance with the accuracy and retention requirements found in privacy laws. After a suspected breach, the organization restores the information, thus maintaining compliance. This is also quite beneficial after a breach, as it allows the organization to perform forensics to identify what information could be breached, even though it is encrypted. It also provides evidence necessary during an investigation or a legal proceeding.
Iron Mountain Privacy ROI
To calculate the privacy return on investment (Privacy ROI), an organization would use a risk model. A risk model would take the average cost of a breach, the likelihood of a breach over a 3 to 5 year period, the number of breaches that could be eliminated and divide it by the cost of purchasing Iron Mountain PC Data Protection Suite. The calculation should include the cost savings of post-breach forensics and the cost savings of eliminating the need for breach notification.
The cost of a breach depends on the scope of the breach and could range from simply sending a notification to a single individual, to the cost of dealing with a Commissioner's investigation and the cost of implementing the finding or order requirements. The Ponemon Institute calculated the average cost of a breach to be $231 per record, so a breach of a few hundred records is very costly.
Note: There are many non-privacy benefits to PC Data Protection Suite that you should consider when calculating the ROI of this investment.
Next Steps - Free Nymity Privacy ROI Support
Contact Iron Mountain to understand the specific benefits of their PC Data Protection. Then, based on all the privacy benefits to your organization, calculate the privacy ROI and the total solution ROI. If you would like assistance calculating the privacy ROI, contact Nymity and we will provide free unbiased assistance.