Kroll Fraud Solutions Blog – A Dialogue on Data Security

When we mentioned the possibility of a federal breach notification law in our 2011 data security forecast, there was little room to elaborate on the Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. This report was released in December 2010 by the Department of Commerce Internet Policy Task Force. One of the recommendations included in this report was that the government should take up the task of developing a federal security breach notification (SBN) law.

Today marks the final two months before the 2011 deadline for tax returns to be submitted. In this fairly short time period, an extraordinary amount of data will be sent from individual consumers to the IRS. For many, it will be a first foray into e-filing their returns as well.

With that in mind, Kroll is taking this opportunity to remind taxpayers to remain diligent with their sensitive information when filing electronically, releasing our yearly crop of taxpayer tips. Whether it’s filing taxes, banking online, making purchases, or even just checking e-mail, online safety is of great importance. The fact that technologies – in addition to the scams and data thefts that inevitably follow – change at such a rapid pace, consumer vigilance has become increasingly important.

Kroll’s data security education efforts are in full swing as our experts participate in three upcoming International Association of Privacy Professionals (IAPP) events over the next three weeks.

First up is the IAPP KnowledgeNet in Charlotte, North Carolina on Wednesday, February 23. Kroll’s own Alex Ricardo, CIPP and co-presenter Ted Claypoole from Womble, Carlyle, Sandridge & Rice, PLLC will be speaking on the topic of Cyber Risk and Network Security.

Up next is KnowledgeNet in New York City on Tuesday, March 1. Mr. Ricardo will again be co-presenting at this event, this time with Dan Shoemaker, Vice President of International Business at HireRight. The topic of their presentation is Protecting (Not Invading) Privacy with Global Background Screening.

As Director of Operations with responsibility for product development, I do my fair share of media interviews. I can only guess it’s that visibility which caused me to receive a very interesting e-mail recently. Now, bear in mind that I’m also a Licensed Investigator – which makes me (sometimes unreasonably) skeptical. But I’m convinced my instincts were spot on this time. And, because you may not be as cynical as I am about such invitations, I want to share my experience with you so that you’re on guard against leaking your own intellectual property. Here’s what happened.
I got an e-mail offering me a small stipend to lend my product expertise and perspective to a survey. The researcher was interested in talking about market drivers, customer channels, and trends in the identity protection market. We could do it over the phone, and it would take only 45 minutes or so. Flattered? Sure – doesn’t everyone want their ideas and suggestions to be considered valuable? But I balked … it didn’t feel right. In fact, it felt like a way to pick my brain (and probably a few others’) in order to develop product features based on my answers.

Sure enough, a phone call by our PR team to the researcher uncovered that the study results would not be made available to the public. It was a private report, commissioned by a private client. The researcher “got a little jittery” and cut the call short when we asked about that client.

Now, admittedly, this may have been a completely legitimate study. But why risk freely giving away insight that can stoke a competitor’s fire? What would happen if someone at your company received an invitation like this? Are you confident that your colleagues are protecting sensitive, confidential data – client and employee information of course, but also proprietary knowledge or ideas that are unique and valuable?

Stay on guard, and let us know if we can help you stay secure.