With the recent introduction of the new Massachusetts Data Privacy Law, known to lawyers as 201 CMR 17.00, which is the most far-reaching state-mandated privacy law to be enacted to date, you can expect a slew of states to follow suit. That means that, shortly after Jan 1, 2010 when the Massachusetts law comes into effect, you can expect that no matter where you operate in the US, you can expect to be subject to strict information security and privacy laws as you transfer data back and forth across your supply chain channels. But are you ready?
According to RSA, the Security Provision of EMC, you need to:
- understand what data is sensitive,
- know where the data resides,
- understand your risk,
- select the appropriate controls,
- manage security centrally, and
- audit security to constantly improve.
But will this be enough? According to the Aberdeen Group, who recently released a white paper on 6 Best Practices to Prevent Enterprise Data Loss, more than 262 million records have been breached since January 2005. Considering that an average data loss will cost an average company $6.6 Million per breach, this, combined with upcoming laws that will let lawyers go to town, makes this a Billion dollar problem in your supply chain.
So next time you upgrade your supply chain technology, you might want to spend extra time examining the software security controls, whether or not it can implement your policies, and whether or not it has an API that will allow you to integrate security and policy management into your data loss prevention (DLP) software platform. Just like LDAP and single-sign on was important at the beginning of this decade, DLP is going to be key as we enter the next one.