Kroll Cyber Security Blog – A Dialogue on Data Security

Why your fax machine may be your worst security risk

Last week, a data breach made headlines in Canada, when a woman’s private medical information was faxed by her doctor’s office to a newspaper. It was no doubt a mistake; a simple case of a wrong number. The laws of probability assure it will happen from time to time, but unfortunately, this type of breach becomes more insidious when you look at the details. In some instances, it is hundreds of records that are faxed over a multi-year time span. And in those cases, oftentimes the doctor’s offices and government entities knew of the problem, but still took years to correct it.

On Monday, MA 201 CMR 17.00, which protects personal information collected from consumers, will take effect in Massachusetts. The new rules are meant to ensure the security and confidentiality of personal information, to protect against anticipated threats to the security or integrity of such information, and to safeguard against unauthorized access to and use of personal information in a manner that creates a substantial risk of identity theft or fraud.

One of the most popular New Year’s resolutions involves putting oneself on a diet – but perhaps consumers should really consider a “data diet.” Kroll strongly advises both its corporate clients and consumers to practice data minimization to dispose of old, outdated or unused data. The practice is important to data security because thieves can’t steal what you don’t have. It’s a great “exercise” for consumers, too, because everyone has a tendency to unnecessarily gather and carry plenty of paperwork, emails, and other items that hold sensitive personal information – items that serve no other purpose than as a liability for theft or loss.

On Monday, January 18, 2010, Kroll Fraud Solutions will post the first in our series of data security tips for consumers. The tips are part of our effort to make data security a New Year’s resolution for all consumers.

There are many ways that individuals can safeguard their sensitive personal information. Check back next week, and in the future, for helpful tips and advice.

Welcome! I am Brian Lapidus, the COO of Kroll’s Fraud Solutions practice group, and it is my pleasure today to launch the Kroll Fraud Solutions Blog: A Dialogue on Data Security, a destination designed to share information; generate thought-provoking content; and stimulate conversations related to data security and identity theft related issues. While I have the honor of kicking off this effort, several expert contributors will lend their thoughts on a regular basis — including many of Kroll’s Certified Fraud Examiners, our Licensed Investigators… and you.