According to Ernst & Young's 2003 Global Information Security Survey, 90% of global organisations say information security is of high importance for achieving overall objectives, but only 34% of organizations claim to be compliant with applicable security-driven regulations.
The Global Push To Protect Confidential Information Online is a free publication by SurfControl, a web and e-mail filtering company, designed to aid compliance and protect confidentiality. Susan Getgood, senior vice president of SurfControl, said:
"Companies worldwide realise that they cannot leave electronic content unsecured – no more than they would leave computer networks unprotected from viruses, spam or hackers.
"Companies must be proactive – determine what electronic content is being generated, develop policies regarding who has access to data, why, and what regulations must be met, and employ technology that enforces the rules and ensures regulatory compliance."
Multinationals know the disclosure of confidential information – whether accidental or intentional – can negatively impact a company's brand, reputation and business. Headlines featuring major corporations involved in electronic breaches of confidentiality are becoming more frequent. Eli Lilly and Company settled U.S. charges that it disclosed 669 e-mail addresses of Prozac users, while Hewlett Packard fired an employee who leaked internal memos about the company's status while the company was in merger talks.
Mark Uncapher, senior vice president and counsel of the Information Technology Association of America said:
"As companies grow and begin to operate beyond their own borders, IT professionals must understand and comply with a variety of unfamiliar confidentiality laws... SurfControl's white paper is a useful review of issues that companies need to understand to avoid running afoul of the law."
The white paper examines national consumer privacy laws throughout the US, Europe and Australia. For instance, Italy has a law that requires companies to secure data with anti-virus and firewall devices; France's privacy law carries penalties for non-compliance of up to three years in prison and a fine of up to €45,000.
Getgood explains:
"Despite the differences in international law, nearly all industrialised countries have some kind of law in place to protect privacy and confidential data. So, no matter where companies are doing business, they need some kind of technology to assure compliance and avoid costly embarrassment."
SurfControl offers filters that can be customised to minimise the risk of disclosure of confidential information by e-mail – e.g. scanning for selected words or phrases before a message is sent. It can also block public instant messaging traffic or peer-to-peer applications.