Data Protection In Perspective: Is What You've Got In Place Good Enough To Avoid 80% Of Your Risk Exposure? By Rick D'Angona, Experian

Data in all its forms has become the currency of choice for businesses and criminals alike. In less than a decade, the explosion of electronic communication channels has created a thirst for information and replaced traditional ways of thinking and responding to our environment. "Old-school" ways of opening up bank accounts, paying bills, looking for real estate and connecting with friends have been replaced with online sessions where people connect to one another and companies do business with at any time from anywhere. Anyone can create a blog and share anything they write with anyone able to find it.

Local merchants once familiar with their customers are moving toward targeted electronic e-mail communications to attract customers most inclined to buy their goods. Lists of prospects that fulfill specific attributes — such as baby boomers that subscribe to Travel and Leisure magazine with high net-worth accounts at Charles Schwab — can be purchased from experts in online marketing.

Sometimes it's possible to collect bits and pieces of critical data from more than one source to build a profile that can be used as a means to an end. Imagine an entry in MySpace that shares photos and intimate details about someone who is registered in LinkedIn as working at a company that provides mortgages to high-end borrowers. Identity thieves can cull this data to target individuals who may be able to help them access valuable personal information on people with high credit scores. The Orange County District Attorney's office has convicted several identity thieves who have successfully connected these dots to build identity theft empires in Southern California.

Before we can put the concept of data protection in perspective, there are two fundamental statements that must be answered:

• What is your data, and why would anyone want it?
  Understanding the value of your data to your business and to those who may want it to commit fraud or gain unauthorized access to your customer accounts is the first step toward understanding how to scope your data protection efforts. Your customers have a low level of tolerance and will abandon breached companies without hesitation. In large part, customer retention is built on trust. Trust developed over many years can evaporate overnight if data is breached.

  Added to the mix are regulatory requirements that continue to focus on data protection. Legislators are attempting to get the proverbial horse back in the barn by imposing strict data protection requirements on companies in reaction to highly publicized, large data breaches.

• There is a lot riding on how well you protect your valuable data.
  As you examine your environment and the processes you have in place, how do you know whether you are doing the right things? How do you know when "good" is "good enough" to protect you and your customers?

Join us at Data Protection 2008 to put your data protection program in perspective. Rate your program by answering seven questions that will help you decide whether what you have in place is good enough.

Rick D'Angona is the Chief Information Security Officer for Experian® (www.experian.com), headquartered in Costa Mesa, California.