Kurt Peters, Executive Editor
Protegrity Research Shows Companies Are Still Struggling with Industry, State, and Federal Regulations and Guidelines
STAMFORD, Conn., June 30 -- Research from a survey conducted in May and June 2005 by Protegrity Corporation, the leader in Data Security Management(TM), shows that 53.9% of IT professionals surveyed believe their companies are still not entirely clear about current data security requirements as outlined by the Payment Card Industry (PCI) Data Security Standard, which goes into effect today for companies annually processing more than 20,000 Visa transactions involving credit card data, as well as regulations imposed by laws such as California SB 1386, Sarbanes-Oxley, and HIPAA. One-third of survey respondents indicated their companies today would fail compliance audits.
Despite the emphasis these regulations place on data security, 41% of respondents said their companies are spending 10% or less of IT security budgets on data and database security. Not surprisingly, 87% of respondents believed that internal misuse of sensitive data was the biggest threat to their companies, based on current security solutions in place.
"This data demonstrates why we're seeing headlines about data thefts," said Gordon Rapkin, CEO of Protegrity. "Many companies are confused about the requirements themselves. Others are overwhelmed by the prospect of putting together a cohesive strategy that encompasses the entire enterprise. And a few are still thinking 'it will never happen to us.' But to consumers and shareholders, no excuse is good enough when it comes to data security." Rapkin pointed out that despite the publicized data thefts occurring during the spring and early summer, the level of investment in securing sensitive data remains very low. In a poll conducted by Protegrity in March 2005, only 7% of respondents said their companies had actually made investments in data and database security.
The 12 requirements of the PCI Standard, adopted by Visa and MasterCard, as well as other major credit card companies, range from encrypting transmission of cardholder data and sensitive information across public networks to restricting physical access to cardholder data to maintaining a security policy that addresses data security. By not complying with these requirements, companies risk hefty fines as well as the revocation of rights to handle credit card transactions. Additionally, state laws such as California's SB1386 require companies to report to consumers any breach in data security when sensitive data is not encrypted.
"Public companies disclosing data thefts report revenue losses in the millions and even bigger losses in market capitalization," said Rapkin. "It's unconscionable that these incidents continue to happen. Data must be secured at every step - from the moment the credit card is swiped until all records of the transaction have been deleted. Any organization in this chain is obligated to protect the credit card number and other private data. Consumers should never have to worry about the security of their personal data."
For a copy of Protegrity's most recent data security survey, send an email request to firstname.lastname@example.org.
Protegrity Corporation is the leading innovator of enterprise-wide data security management. The company's flagship product, Secure.Data, enables companies to deploy comprehensive security policies that empower management to confidently take responsibility for their sensitive data. Many leading retailers and credit card processors use Protegrity for protecting cardholder information. With Secure.Data, organizations can mitigate corporate risk and assure compliance with regulatory obligations. Protegrity's solutions are platform independent and are designed to protect information wherever it resides in today's highly distributed computing environments.
For more than eight years, Protegrity's award-winning technology has enabled customers to address and resolve critical security challenges. Protegrity invented the core technology used for data-level encryption and owns key patents for database security and protection. For more information, visit http://www.protegrity.com/ or call 203 326 7200.
Secure.Data is a trademark of Protegrity Corporation. All other trademarks are the property of their respective owners.