Industry

The Privacy Rights Clearinghouse’s Chronology of Data Breaches documents over 356 million records that have been compromised due to security breaches since January 2005.

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation’s DataLossDB.org, asks for contributions of new incidents and new data for existing incidents.

Identity Theft Resource Center® (ITRC) is a nonprofit, nationally respected organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides victim and consumer support as well as public education. The ITRC also advises governmental agencies, legislators, law enforcement, and businesses about the evolving and growing problem of identity theft.

National Institute of Standards Technology

logo-NIST (NIST) Special Publication 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII); April 06, 2010

The need for federal agencies and commercial enterprises to take effective measures to protect their personally identifiable information (PII) and other sensitive data has never been greater. With data thefts and breaches in the news, regulators and legislators are imposing higher standards for protecting sensitive personal and financial information, with higher fines and penalties for offenders. To assist these efforts, the National Institute of Standards and Technology (NIST.gov) recently published SP800-122 which provides guidelines for protecting the confidentiality of PII.

The NIST.gov document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. PII should be protected from inappropriate access, use, and disclosure. This document provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII.

For more information on how dataguise solutions can help meet the key recommendations from NIST contact us today.