It seems like every day a new data breach splashes across the news. As consumers, patients, customers and social networkers, many of us have a plethora of information stored in various databases well outside our control. Data security officers, DBAs and other security specialists continue to do their best to educate, protect and anticipate both internal and external threats. But … the breaches continue and so do their associated costs. There are many technologies available, from encryption to tokenization to database activity monitoring (DAM) to data loss prevention (DLP).
Informatica just released a new option to the mix: dynamic data masking. The technology came into the company through the acquisition of ActiveBase. Since then I’ve had a number of people ask me if Informatica Dynamic Data Masking will complement or replace an organization’s existing data security technologies.
As I discussed in a prior blog related to data privacy, one option is to sit it out, do nothing, see if you get caught, plead ignorance and hope for the best.
Guess what? That option doesn’t look so promising if the recent Health Net settlement is any indication.
As Richard L. Santalesa, Senior Counsel for The Information Law Group, details here, not only will Health Net pay $250,000 for its violations, but it must also put in place an extensive (and no doubt costly) “Corrective Action Plan” (CAP) to ensure a data security breach doesn’t happen again.
Doing nothing could turn out to be an expensive option … perhaps substantially more than accounted for. To date Health Net has already spent over $7 million to investigate the breach, notify Health Net members and offer credit monitoring services.
A Massachusetts Data Privacy law passed in 2009 went into effect on March 1, 2010.
“Every person who owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 on or before March 1, 2010.” Sounds intimidating.
What does this mean? If you hold personally identifiable information (PII) such as name, address and SSN regarding a Massachusetts resident, then you need to take reasonable actions to minimize the risk of a data breach.
There is some wiggle room regarding the extent of the actions you need to take. Will you wait it out to see if the law will stand? Perhaps do nothing and risk the chance of getting caught? Maybe the fines won’t be so bad.