Seattle – Feb. 11, 2015 – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released its 2015 Data Protection & Breach Readiness Guide. The annual guide, first published in 2009, provides businesses with prescriptive advice to help optimize their data privacy and cybersecurity practices to prevent, detect, contain and remediate the risk and impact of data loss incidents and breaches.
Developed through a multi-stakeholder process and input from over 100 security and privacy experts, the guide includes security-enhancing best practices and risk assessment advice. It also reflects input from attendees of OTA’s Data Privacy & Protection Day Town Halls, which included representatives of the FBI, Federal Trade Commission, U.S. Secret Service, State Attorney General’s Offices of New York and California, and others.
Responding to Presidents Obama’s recent call for federal breach legislation, as well as calls for increased legislation from the New York and Washington State Attorneys General, OTA has been providing insights to enhance consumer protection. Last week OTA hosted a Congressional briefing to nearly 100 staffers outlining legislative considerations and best practices, including expanded definitions of personal information, enhanced consumer notification and sharing threat intelligence with law enforcement.
“The Online Trust Alliance’s latest Readiness Guide will be an invaluable resource to businesses in today’s data-driven environment,” Washington Attorney General Bob Ferguson said in a published statement. “It seems almost daily we hear about another data breach. My office is dedicated to protecting consumers from the release of sensitive information and ensuring they are informed when it does unfortunately happen. OTA’s publication will help businesses to prevent breaches before they occur and respond effectively if they do.”
“Cyber threats continue to evolve, and governments, businesses and private consumers need to similarly evolve to protect themselves,” said Timothy Wallach, Supervisory Special Agent over the FBI's Seattle Cyber Task Force. “The pillars of data security are digital literacy, up-to-date awareness of threats and active security protocols. Anyone who wants to protect themselves online needs to start with educating themselves in those areas, not once but continually.”
"The Secret Service continues to enhance U.S. national security through multi-lateral investigations that enhance the safety of cyberspace. In order to maintain a competitive advantage over today’s cyber criminals, it is critical that the public and private sector continue to proactively leverage the power of task force partnerships. Our continuing success in high-tech investigations is a result of the collaborative efforts of law enforcement and private sector partners," said Robert Kierstead, Special Agent in Charge, Seattle Field Office, U.S. Secret Service.
The 2015 Data Protection & Breach Readiness guide includes:
- A template with recommended language to use when notifying the public of a data breach
- An expanded examination of the importance of completing security and privacy assessments, and audits of vendors and cloud providers
- Details regarding the importance of sharing not only breach data with law enforcement, but also threat intelligence, including attempts and suspicious activity
- An expanded section on security best practices to help prevent, detect, contain and remediate the impact of a data loss incident
- Expansion of previously released OTA data showing that
- 90 percent of data breaches occurring in the first half of 2014 could have been easily prevented by adhering to commonly accepted best practices for data protection
- 40 percent of data breaches in 2014 were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions (29 percent) lost or stolen devices/documents (18 percent), and social engineering/fraud (11 percent)
“As businesses and consumers across the nation fall victim to increasingly precise cyber-attacks and wide-reaching data breaches, now is the time to support comprehensive legislation to help protect personal and corporate data, promote security best practices and encourage the sharing of threat intelligence,” said Craig Spiezle, Executive Director and President of OTA. “OTA’s guide is a tool every organization should consider adopting in order to practice responsible data stewardship and prepare for the inevitable data breach incident.”
White House Summit on Cybersecurity and Consumer Protection
The guide is being presented at the National Cybersecurity Open House that OTA is co-hosting in partnership with the Department of Justice, FBI and U.S. Secret Service, on Friday, Feb. 13, from 8 am to 2 pm PST. This open house will be held at the Washington State Criminal Justice Training Commission in Burien, Wash., and is one of several across the country where attendees will view via a live video feed, the White House Summit on Cybersecurity and Consumer Protection taking place at Stanford University. After watching the summit, attendees at the Washington state event will view an in-person discussion about cybersecurity and data privacy with speakers from the FBI, U.S. Secret Service, U.S. Dept. of Justice, and Microsoft.
To view the 2015 Data Protection & Breach Readiness Guide, go to https://otalliance.org/breach.
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.