Master Compliance to Avoid Data Loss, Survey Says

Lora Bentley

A study released Thursday by the IT Policy Compliance Group found a direct correlation between a company's compliance initiatives and the number of data breaches it weathers. Baseline reports:

Companies with two or fewer compliance deficiencies annually are likely to have two or fewer data losses or thefts in the same time period, according to the report. Conversely, organizations that lag when it comes to compliance (10 or more deficiencies in a year) are likely to experience data loss more than a dozen times annually.

IT Policy Compliance Group managing editor Jim Hurley says the results are "surprising," but that the data shows an "undeniable relationship" between the two factors. He explained the correlation to Baseline as follows:

...[C]ompanies with the fewest control objectives -- safeguards put in place to support security and other policies -- are least likely to experience a data loss and most likely to perform well on regulator audits... Businesses with fewer controls are focusing on managing exceptions rather then spending time and labor trying to manage everything.

The Cleveland-based research firm surveyed 2,000 companies, and the report included data on publicly reported data losses


Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Dec 6, 2007 4:45 PM Wayne Flansburg Wayne Flansburg  says:
As a Certified Identity Theft Risk Management Specialist and a small business owner, I see a pattern developing with respect to privacy, safety and security of information in businesses nationally. We call it the head in the sand system or better stated: It wont happen to me. Perhaps SOX, HIPAA, FACTA and GLB are not household names in the business world. But, when Uncle Sam knocks and the regulators are at the door.its too late. Wouldnt a little proactive behavior in the fraud prevention arena be worth the time and energy (and ounce of preventionetc.)? Call a specialist today.they could save you and your business from a nightmare of legal quagmires. Go to http://www.tifrm.net/directory.aspx?id=107 - put in your zip code and find a CITRMS certified professionalnow! Reply
Dec 15, 2007 4:06 PM C Curtis C Curtis  says:
I can't agree with you more! I can't count how many CEO's and business owners apparently feel impervious to a data breach or compromise. I've even noted a slight disinterest in the Chambers of Commerces...Having worked in the area of regulatory compliance for over 20 years, I've seen repeatedly that one's back must be against the wall, and even then, you have to command focused attention to the realities of the inevitable.My realities, I've been a victim 6 times since 1983 and it just doesn't ever go away. The 2nd incident, in 1993 when income was reported in my name (ss#), lead to a federal investigation that year, but then also consecutive IRS audits for 7 years thereafter. Unfortunately, it'll get worse before it gets better. If only those most responsible for possessing such critical information (businesses) would act responsibly and take reasonable steps called for by federal legislation, before the unanticipated data breach or compromise occurs. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.