|
The following are countries that have legislative actions that address privacy concerns:
Australia
Privacy Amendment
(Private Sector)
Act 2000
Canada
Personal Information Protection and
Electronic Documents Act
Hong Kong
Principle 4 Security of
Personal Data
Japan
Privacy of Personal Data
New Zealand
Principle 5 Security of Personal
Information
United States
Health Information Portability
and Accountability Act
(HIPAA) 1996;
Gramm, Leach, Bliley Act |
|
|
 |
| Welcome to Common Sense: IT Procurement News |
|
Common Sense is a newsletter focused on helping you, the IT procurement/purchasing professional, access the information you need to:
- understand the value you are receiving from Compuware products
- identify opportunities to cut costs.
We hope you find Common Sense both helpful and interesting. It is our goal to provide useful information to help you build a compelling business case you can convey with confidence, guarding against the squandering of hard-earned IT budget money.
This quarter's issue of Common Sense is the second installment in a two-part series examining how to minimize the risks associated with unauthorized exposure of your company’s business-critical applications and data.
A Data Privacy Initiative: Invest Now or Pay Later
 |
In your opinion, is Data Privacy a topic that does not have much to do with purchasing or the daily objectives of the procurement professional? Or, is reading Wall Street Journal articles about the unfortunate security breaches at other companies as close as you’ve come to thinking about protecting your company’s data assets? If you answered "yes" to either question, then it might be time to re-examine some areas where you can make a pre-emptive strike against unplanned financial losses. By understanding the risks associated with data vulnerability and preventing just one incident, you could save your company thousands or even millions of dollars. |
Corporate Risk and Liability
|
There is no price you can attach to your company’s brand name and reputation. Even a whisper of a security breach could permanently destroy years of brand-building and seriously wound the trust of your loyal customer base.
The causes surrounding data breaches vary. Recent press articles have revealed everything from professional hackers, to stolen PCs, to tapes falling off trucks. However, test data privacy is proving to be one of the most important areas that needs to be addressed by corporations. |
Budgetary Allowances
|
Keeping sensitive data safe is a daunting and critical task. And because of looming mandatory federal and state regulations, coupled with widespread media coverage, protecting sensitive data is now an extremely high-profile task chartered to your company’s IT professionals. Consequently, it is important that these individuals have the proper tools, people and methods not only to assess your company’s data privacy risks, but also to facilitate a thorough and efficient privacy assurance program. If your IT organization already owns the Compuware products, they’re closer than they may think to complete their mission.
Additionally, because of the complexity, bleed-over between platforms, and cost issues surrounding data privacy assurance; Compliance Officers, Security Administrators, Application Managers and Quality Assurance Managers are looking to areas outside of their own department (including procurement), to assist them with new budgetary challenges. All of these individuals are responsible for getting compliant--but at what cost? |
Potential Dangers in the Application Test Environment
|
While organizations may think that test data is immune from privacy threats or is less important than other risks, these environments are often more vulnerable. Test environments are less secure and may be exposed to a variety of unauthorized sources, including in-house testing staff, consultants, partners, and offshore development and support personnel. Securing test data is essential to avoid privacy abuses and data mishandling, and lower the cost of compliance as well.
Another area within compliance testing that may cost your company dollars is wasted system resources. If your company’s testing effort is not driven by a good methodology, solid products and skilled people, you could be incurring unnecessary MIPS and CPU consumption. Liability plays a role in testing as well. For many companies, compliance efforts will be subject to ongoing audits and accordance must be proven. |
|
|
Corporate Culture and Mandate
|
For many companies, Data Privacy is new territory. Hiring a Chief Compliance Officer or Security Administrator, or making this the responsibility of an existing executive, is just one component of a good data privacy plan. Another step many businesses are taking is to launch corporate "data security" awareness programs. These initiatives are designed to educate not only those individuals working daily with sensitive data, but all employees. Core reasons vary from due-diligence, to good corporate communication, to avoiding a company-wide "it could never happen to our company" attitude. An employee wouldn’t hand someone they didn’t know the "keys to the front door." So, it is just as important that all employees understand the risk of transmitting sensitive data (knowingly or not) to an insecure environment. All individuals at all companies are in some way responsible for keeping corporate data secure.
|
Global Event
|
Technology is the "magic carpet" that facilitates the global economy and, for many businesses, the key to strong financial growth, competitive market-share gains and for some, the only avenue to an international marketplace. This same magic carpet, however, serves as a welcome mat for many potential problems. If your company is doing business internationally, be aware that data privacy laws and the enforcement of these laws vary country to country.
|
Does Your Company Have a Plan in Place?
|
Today, Compuware is helping many companies identify and secure their test data by providing the people, processes, and the use of products for both mainframe and distributed platforms.
Your company has the power to prevent and/or minimize the damage to your corporate purse and reputation due to a security breach—possibly by using tools you may already own.
If you or your company’s Chief Privacy Officer would like to read more about Compuware’s Data Privacy Solution, please follow this link.
Data Privacy through Compuware File-AID, File-AID/RDX, and File-AID/Data Solutions—Our data privacy workbench enables you to scramble, translate, generate, age, analyze and validate test data. If you need additional help, we have people with the knowledge and experience to manage the process.
Application Auditing through Compuware Hiperstation —This solution builds on Compuware's application security leadership and award-winning products by enabling IT organizations to proactively address the enterprise application security challenge.
Compuware’s Application Auditing solution:
- serves as a deterrent to inappropriate activities
- contains and lessens the impact of a breach if one occurs
- lowers cost of regulatory compliance
- reduces risk and liability associated with production security and data privacy
- improves rapid response for auditing infractions and application problems.
To learn more about how to protect your critical applications, click here to download the Compuware white paper, "Application Auditing: Guidelines for Investigating Internal Data Breaches." Also view an on-demand webcast, "Take IT Security One Step Further—Investigating Internal Data Breaches."
|
If you or someone in your IT organization would like to learn more about Compuware’s solutions, or if you would like to tell us your unique story on how Compuware products saved your company money, please send an e-mail message to: vomail@compuware.com
|
|
