Data protection a "contradiction in terms"
June 27, 2007 from ITBusiness - “"What's interesting in financial services is that it is the combination of data that becomes valuable information when it comes together to create an identity," Axelrod said. "If you are just going to file away social security numbers with no way to tie them to identity, they're actually pretty innocuous; but even if you just have a way to associate that information to a phone number or other data, someone can put things together..."
Axelrod said for the record that "data protection is a contradiction in terms," and that the process will never be perfected, based on the nature of IT systems and the need for businesses to easily retain access to important information…
Regulations like the Sarbanes-Oxley Act have proven less effective than legislators might have initially hoped they would be at improving overall data security because businesses have focused on meeting the terms of the guidelines versus boosting their overarching protection schemes, Fusco and other panelists agreed.
However, some industry-driven security requirements, such as the PCI (payment card industry) standard forwarded by credit card issuers, have had the desired effect, experts said.
Well-written guidelines can help make the difficult task of convincing senior executives to increase their IT security budgets easier, alleviating one of the most significant challenges of the entire data protection process, according to Steve Peltzman, chief information officer at the Museum of Modern Art in New York…”
180 View – Take a look at the Payment Card Industry (PCI) Data Security Standard (https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf) to see the “well-written guidelines”. We see a lot of overlap between the various regulations and authorities on security, and sympathize with organizations struggling to protect their data as well as comply with regulations.