
“Three years before news stories of lost data were commonplace, we committed to whole disk encryption on all our laptops and field office computers. The decision is paying for itself many times over with saved notification costs, brand reputation, and by living up to our customer promise of protecting their identity and confidential information.”

—Pat Lefemine, Chief Information Security Officer, Lincoln Financial Group.

Security Breach Disclosure

Using Encryption to Avoid the Costs of Data Breach Notification

Data security breach disclosure laws, such as California's SB 1386 and similar legislation being enacted in other states, have dramatically increased the risks associated with handling personal electronic records. As a result, organizations are now being forced to spend millions of dollars reacting to data breaches involving the personal information of consumers, employees and military personnel. Many of these incidents result from the theft of laptop PCs and other portable endpoint devices. To avoid the costs associated with data breach disclosures, organizations need solutions that protect personal information stored on devices vulnerable to loss or theft.



The High Cost of Data Loss

California SB 1386 is the bellwether data security breach disclosure law that requires organizations to notify affected individuals if there is a possibility that personal information may have been exposed by a data security breach. Since its enactment, more than 33 other states have passed breach disclosure laws modeled closely after California SB 1386.

Meeting the notification requirements in these laws can have a substantially more severe financial impact than the remediation of the breach itself. Gartner Research estimates that organizations are being required to spend at least $90 for each personal electronic record affected by a data security breach. The Ponemon Institute claims the cost is even higher, reporting that organizations spend as much as $140 per lost customer record. These figures include:

  • Communication with affected individuals
  • Resulting customer service expenditures (call centers, credit protection, etc.)
  • Identity theft monitoring services
  • Professional fees and legal expenses
  • After-the-fact cleanup costs and security improvements

More than one-third of these data breaches result from the loss or theft of a laptop PC, and the number of breach disclosures resulting from missing laptops is increasing at an alarming rate.

To avoid the costs associated with data security breaches involving the exposure of personal information, there is a growing need for data protection solutions that can help organizations safeguard data at rest on endpoint devices.

The Solution: Comprehensive Endpoint Data Protection

While breach disclosure requirements may vary from state to state, California SB 1386 and almost every other breach disclosure law have one important thing in common: a safe harbor provision for encrypted data. By implementing encryption to secure data at rest on laptop hard drives, removable storage media, compact flash (CF) cards and the like, organizations can avoid disclosures when laptops and other endpoint devices are lost or stolen, thereby saving dramatically on service costs and avoiding damage to brand equity and goodwill.

As an industry-leading provider of data protection solutions, GuardianEdge is committed to helping organizations reduce the cost and complexity of information security and regulatory compliance management. The GuardianEdge Data Protection Platform offers a managed, enterprise-grade approach to securing data that is at rest or portable.

This includes a full range of software solutions designed to provide robust and manageable protection for sensitive information stored on laptop or desktop PCs, or transferred to portable storage devices. The GuardianEdge Data Protection Platform combines endpoint data encryption, strong multi-factor user authentication, centralized administration and monitoring, and many other enterprise-grade management capabilities. The result is a comprehensive and scalable solution that provides protection for endpoint data across the organization from a single point of control.

By implementing GuardianEdge solutions as part of an integrated system for managing information security, organizations can:

  • Avoid notification and customer service costs accompanying the disclosure of a data breach
  • Lower the risk of loss of sensitive, proprietary or legally protected information
  • Prevent erosion of brand equity or goodwill, and promote a stronger corporate image
  • Eliminate the legal liability associated with data breach disclosure
  • Prove that information has not been leaked

The Bottom Line

Dealing with the repercussions of data security breaches that stem from the theft or accidental loss of laptops, PCs, removable storage media or other endpoint devices containing personal information can cost millions of dollars. It can also do irreparable harm to the trust customers, partners, and investors have placed in the governance of organizations. However, enterprises can safeguard endpoint data and achieve compliance with mandatory breach disclosure laws with data protection solutions such as the GuardianEdge Data Protection Platform. The GuardianEdge solution provides a unified approach that integrates multiple endpoint data protection controls under a single management framework. The result is a solution that organizations can use to eliminate a significant source of risk while minimizing their exposure to data breach disclosure laws, such as California SB 1386.