As time goes on and data security gets more serious, companies are learning to shed their “It won’t happen to me” attitude. The consensus among security experts is that it’s now a “when” question for most companies, not an “if” question for data security breaches. It’s such a pervasive problem, and one that every citizen can be affected by, that President Obama has been talking about it.

Proposed Legislation

The President’s focus, and most of the legislation out today, is on ensuring that companies respond to data breaches in a timely fashion. Obama has now jumped in and proposed legislation that would give a 30-day timeframe for a company that has experienced a data breach to inform their customers of that breach. While the legislation isn’t a perfect solution — for example, it would override any state policies, even if those policies were stricter than the proposed federal guidelines — it is raising the profile of this issue, illustrating that the government is making data security a priority.

What the Legislation Means to Your Company

One important thing to take away from this propsed legislation and Presidential discussion isn’t the timing of disclosure of a security breach, but the fact that the federal government is scrutinizing security breach issues. Data breaches have the potential to impact not just your business, but your individual customers and employees.  That has made this a political issue, not just an IT or business issue.

While the current and proposed legislation focuses primarily on the aftermath of a breach, it has also raised the level of the discussion beyond IT regarding a company’s data security policies, procedures and technology. CEOs and Boards of Directors are asking IT departments questions about corporate data security. Although you might not be able to provide 100% protection against a data breach, there are many areas where you can be highly confident of preventing them. Hackers will continue to find new ways to access your network or data and you may not be able to completely secure against that ever-changing threat. But many data breaches are not from sophisticated hackers – rather, they are from documents getting tossed in the trash, lost or stolen laptops, lost USB drives, missing hard drives, and other seemingly preventable cracks in a company’s data security systems and policies.

How to Protect Your Company’s Data

We know that when it comes to physically handling data-bearing devices, the solution is policy, process and people. Just having good policies i
s not enough. You must have procedures in place that enable people, who have been trained and understand the process, to execute the procedures properly.

For asset retirement and disposal, that includes how you handle and store the hard drives or devices with flash drives like tablets and smart phones, which data destruction partner you use, and what data destruction procedures you choose to follow. It also includes documenting the processes and having a strong audit trail. Obama is raising awareness of data security and data breaches, and proposing more legislation that could increase penalties in the case of a data breach. If you are involved in IT Asset Disposal (ITAD), you want to make sure that the end-of-life process is secure.  Done right, ITAD can significantly lower the risk of a data breach during asset retirement.  Work with a ITAD partner to develop a program that meets your company requirements and keeps you out of the data breach limelight.

For more information regarding Minimizing the Risk of IT Asset Disposition,click here.