The Identity Theft Resource Center (ITRC) announced on August 22, 2008 that the total number of data security breaches identified by the ITRC for 2008 has surpassed the final total of 446 security breaches reported in 2007. As of August 22, the number of confirmed data breaches for 2008 totaled 449. The ITRC notes, “[T]he actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events.” The report can be found on the ITRC’s Web site at idtheftcenter.org.
The breakdown of the most common known causes of the security breaches is as follows:
Lost or stolen laptops and other removable media |
21.2 percent |
Employee or insider theft |
15.6 percent |
Accidental disclosure |
13.8 percent |
Hacking |
12.9 percent |
Loss or disclosure by subcontractors |
10.9 percent |
Many companies believe the vast majority of security breaches come from hackers. The figures above illustrate, however, that security breaches due to hacking are a relatively small percentage of the overall total of security breach instances. The report demonstrates the importance of establishing effective data retention and security policies as well as the need to enforce compliance with those policies. While records/data storage and retention policies establish processes for minimizing malicious causes of security breaches (e.g., hacking and employee theft), policies also are particularly effective for reducing and avoiding “innocent” breaches (e.g., lost or stolen laptops or removable media, accidental disclosure, or loss or disclosure by subcontractors).
Accordingly, companies should ensure that their records/data storage and retention policies address, among other things:
Chanley T. Howell
Jacksonville, Florida
904.359.8745
chowell@foley.com