You only have to turn on the TV or read your favorite online news site to see how easily private or sensitive information can be captured, disseminated or used for purposes other than what was intended. While the WikiLeaks controversy may just be the latest dramatic case, it does remind us that email and other communications we treat as private are anything but, and that in the wrong hands that information can be used to commit identity theft or to do irreparable harm to businesses and institutions.
The reality is that regular email communication on the internet is open to anyone who wants to go to the trouble of listening. Even if you’re securing data locally, your organization is vulnerable to a breach. After all, it only takes one user to forward emails with sensitive data to a business partner or innocently send them to his personal email account so he can work with the information at home.
46 states have adopted digital security laws
This issue is such a concern for businesses that industry and government regulators have adopted a variety of digital security laws to protect business and personal data. In fact, 46 states, the District of Columbia, Puerto Rico, and the Virgin Islands have all enacted data security legislation. And in late 2009, the US House of Representatives passed the Data Accountability and Trust Act (DATA), which, if passed by the Senate and signed into law, would override existing laws and provide more uniform definitions of data and rules on enforcement.
Current state and territorial laws carry heavy financial penalties that are difficult for organizations to ignore. Massachusetts, for instance, now imposes a penalty of $5,000 per personal record that’s not encrypted when sent over the internet. And Florida allows for penalties of up to $500,000 for companies that fail to encrypt sensitive data and notify residents whose data has been compromised. There are other ways companies can feel the pain of not taking data security seriously – the recent passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act allows for penalties of up to $1.5 million for healthcare industry data breach violations.
In other words, email encryption and data protection are serious business.
Encrypting is the solution
To avoid these major penalties – and, of course, avoid compromising personal and private data in the first place – organizations are looking to solutions that send legal documents, business data, and personal information in a security-rich, encrypted format that can’t be intercepted or modified in transit. The best of these solutions are implemented seamlessly with minimal impact to users and the local IT environment, and are policy-based, so that users don't have to remember which emails should be protected. All of them, of course, should.
Previously, email encryption products focused on client-side installs that were implemented on a per-user basis and were difficult to deploy and manage. Now, solutions like IBM Lotus Protector for Mail Encryption provide a network appliance-based solution that solves this issue for both Lotus and Microsoft email platforms. Designed to ensure that emails, including attachments, can be easily and securely sent and received on the internet, Lotus Protector also makes it easy and cost-effective for businesses to exchange sensitive email with verified third parties, helping to meet regulatory requirements, minimize costs and exchange information online with confidence.