The Vault by gjjur4356


									                                 The Vault                                                                 The Vault
                                                                                                  January 2006 / February 2006

         Identity Theft — Could it happen to you?
                                                                                                  Inside this issue:
The answer is yes.           •   A 2003 CSI/FBI study
Even worse it could              found employee
                                                                                                  IDENTITY THEFT -
happen more easily               insiders commit
                                 approximately 80% of                                             COULD IT HAPPEN TO
than you think. In
                                 all computer/internet                                            YOU?
December the Toronto                                                                              A recap of Privacy
Board of Trade held an           crimes.
                                                                                                  Commissioner Dr.
event on identity theft                                                                           Ann Cavoukian’s eye-
featuring Ontario’s          •   58% of Canadians                                                 opening presentation
                                 would terminate their                                            on identity theft.
Privacy Commissioner
Dr. Ann Cavoukian. Dr.           relationship with a
                                 company that                                                     CHOOSE YOUR              2
Cavoukian cited
                                 compromised their           Destroying personally identifiable   VENDOR
several alarming points
                                 personal information.       information stored on computers
of interest:                     (Ottawa Business Journal,   is a key component of identity
                                                                                                  Readers may be
                                                             theft prevention.
                                 November 22, 2005)                                               alarmed by the use
                                                                                                  of authentic medical
•    Identity theft is the                                   consumers are at the
                                                                                                  records on a Toronto
    fastest growing form     Dr. Cavoukian                   mercy of their                       movie set. The story
    of consumer fraud in     explained that nearly           practices.                           is disturbing in more
    North America.           90% of the US                                                        ways than one.
                             population could be             The news wasn’t all
•   Victims usually          uniquely identified             bad. Dr. Cavoukian                   TO OUTSOURCE OR NOT 3
    become aware of the      through three pieces of         highlighted how                      TO OUTSOURCE?
    problem only after       information (i.e.               embracing privacy                    Security and trust are
    damage has been                                                                               huge issues. But,
                             birthday, gender, and           initiatives can present
    done.                                                                                         does handling the
                             postal code). These             an opportunity for                   issue internally
                             crimes depend on a              businesses.                          increase the chances
•   The Commissioner’s       steady, easily                  Organizations that                   of what you want to
    Office holds                                             demonstrate a                        avoid most?
                             accessible supply of
    businesses               information.                    commitment to insuring
    accountable for                                          customer privacy instill                                      4
                                                                                                  DATAXILE IN
    protecting their                                         consumer confidence.
                             Perhaps most                                                         PHOENIX
    customers’ personally
                                                             As such, they will be                NAID held a
    identifiable             disappointing is that
                                                             well positioned to build             conference in
    information.             individual consumers                                                 Phoenix. dataXile was
                                                             enduring customer
                             have little control over                                             the only Canadian
                                                             trust and loyalty. By not            Electronic Information
                             the problem. With all
                                                             taking precautions,                  Destruction Company
                             sorts of businesses
                                                             companies risk                       there.
                             collecting personal
                                                             devaluing their market
                             information about their
                             customer base,

             Destroy your information — not your company!
                                                                           The Vault

                                                    Choose Your Vendor Carefully!
                                    In an ideal world, recycling IT     Although dataXile services         Whether your documents are
                                    assets or sensitive documents       include recycling for              paper or in electronic format,
                                    would not pose a security           technology equipment we are        service providers need to
                                    threat. Unfortunately, as a         quick to point out this does not   answer questions. Issues like
                                    Toronto Health Clinic recently      necessarily provide security. A    collection, process, and the
                                    learned, the world is far from      similar breach could occur         use of any subcontractors
                                    ideal. In a widely publicized       with any IT assets possessing      must be addressed. If you do
                                    incident, the clinic’s private      storage capabilities. There are    not feel comfortable with the
                                    health records were literally       numerous companies in the          answers keep shopping
                                    blowing in the wind on a            market interested in               around until you are confident
                                    downtown Toronto street being       recovering value from dis-         in your provider.
                                    used for a movie set.               carded items. Few of them are
                                                                                                           Despite being the first two
                                                                        concerned with secure infor-
                                    The clinic’s paper-disposal                                            companies to face an order
                                                                        mation destruction and data
                                    provider, which offers both                                            under PHIPA, they are lucky it
                                    shredding and recycling                                                was not worse. Neither the
                                    services, mistakenly believed       As the Toronto health clinic       clinic nor the paper disposal
                                    these documents were to be          and its paper disposal provider    company was publicly
                                    recycled. The company               discovered, this is bad for        identified. Future violators
                                    subcontracted the paper to          business in more ways than         may not be as fortunate. Many
Are you sure you know               another recycling company,          one. Upon investigation, both      organizations would find such
exactly who can access your         which in turn sold it to the film   organizations were deemed to       a breach combined with
data?                               production company.                 have violated Ontario’s            publicity devastating.
                                                                        Personal Health Information
                                    It is important to know whether     Protection Act (PHIPA),
                                    your service provider uses          prompting Ontario Privacy
                                    subcontractors. Clients need to     Commissioner Dr. Ann
  The clinic’s                      know who is touching their          Cavoukian to issue the first
                                    data, paper or otherwise.           order under the new law.
  private health
  records were
  literally                                    To Outsource or Not to Outsource?
  blowing in the                    Understandably, some                Even if employees are              As privacy legislation
  wind on a                         organizations are reluctant to
                                    outsource data destruction.
                                                                        trustworthy, they frequently
                                                                        have conflicting
                                                                                                           becomes more rigid,
                                                                                                           organizations need to
  downtown                          Security and trust are huge
                                    issues. However, handling the
                                                                        responsibilities. As a result of
                                                                        its tedious nature, data
                                                                                                           understand the resources
                                                                                                           required and the risks
  Toronto street!                   issue internally might not
                                    solve the problem. In fact, it
                                                                        disposal is often low priority.
                                                                        Negligence could haunt
                                                                                                           involved. This is particularly
                                                                                                           true for firms where electronic
                                    could make it worse. Since          organizations. Imagine your        data disposal will be a
                                    80% of all computer and             company's information falling      reoccurring issue. Many
                                    Internet related crime is           into the wrong hands. Just         companies already outsource
                                    committed by insiders               one mistake could be               the destruction of their
                                    companies need to be wary of        destructive. Outsourcing           paper-based information. At
                                    the threat internal staff poses.    electronic data destruction        dataXile we expect many of
                                    Decision makers need to             makes good business sense.         these organizations to adopt a
                                    consider who the bigger threat      Doing so allows your               similar policy for electronic
                                    is: an outsider with minimal        employees to concentrate on        documents.
                                    knowledge of the specific           their core competencies,
                                    industry or a disgruntled           leading to time and cost
                                    employee who knows exactly          savings. Furthermore, you can
                                    what they are looking at?           assure your clients that you
                                                                        are serious about
Private information is stored on
many types of technology. Is your                                       safeguarding their data.
data at risk?
                                        The Vault
    National Association for Information Destruction Conference
In November 2005 Joseph Bozic represented dataXile at the National Association for
Information Destruction (NAID) conference in Phoenix. In its unwavering commitment to being
the industry leader, dataXile was the only Canadian electronic data destruction company to
attend the event. Although geared to the US market the conference was extremely informative
and well worth attending. Topics of discussion covered three key themes, Current Legislation
Impacting Information Destruction, Information Destruction during Litigation, Investigations and
Audits, and Everything You Need to Know About Destroying Information on Computers.

                Current Legislation Impacting Information Destruction                                         Consult dataXile for help with
                                                                                                              a data disposal policy.

•    Standard – “Any person who maintains or          •    Lost assets (i.e. laptops) are a bigger source
     otherwise possesses consumer information              of security breaches than hacking
     for a business purpose must properly
     dispose of such information by taking
                                                      The general consensus is that legislation will
     reasonable measures to protect against the
     unauthorized access to or use of the
                                                      continue to evolve and become more rigid over             dataXile was
                                                                                                                the only
     information in connection with its disposal”

•    Standard - Applies to both paper and
     electronic forms of information
•    The rule applies to both the entity owning the                                                             electronic data
     information and the service provider
                                                                                                                company to
       Information Destruction during Litigation, Investigations and Audits
•   Fulbright & Jaworski’s          •    Once a party “reasonably         The presenter for this topic
                                                                                                                attend the NAID
    annual survey of                     anticipates litigation,” or      was renowned legal authority
                                                                          Alan Ross. The overlying
    corporate counsel names              receives notice of a
    e-discovery the No. 1                government investigation         theme was that the history of
    new litigation related-              or audit, they must              data disposal practices in your
    burden for companies                 immediately implement a          organization is critical. If they
    with revenue exceeding               “litigation hold” by             are proven and established, it
    $100 million annually                ceasing routine                  will be easier to establish
                                         document destruction             credibility. If they are not, you
•   Record retention policies            policies                         risk leaving your organization
    are becoming far more                                                 vulnerable to the opinion of
    important                       •    Proof of practices is            the court or authority. Clearly
                                         extremely important, as is       establishing an information
•   Violation of Sarbanes                a consistent history             destruction policy is good
    Oxley could result in                                                 business practice.
    fines, imprisonment or
    both                                                                                                      CDs are a potential security

    Everything You Need to Know About Destroying Information on Computers
This panel discussion featured      significantly. Both Singer-           It has always been dataXile’s
Angie Singer-Keating and Bob        Keating and Haskins made it           position that people with
Haskins. Singer-Keating and         clear destroying information          technical expertise should
Haskins are the chief                               on IT assets is       complete this task. It was also
executives of Reclamere                             far different         stressed that utilizing internal
Incorporated and Gigabiters                         than on paper.        staff can needlessly put your
Incorporated respectively.                          Therefore, it is      company at risk.
Both firms are established                          important to
players in the US information                       complete your
destruction industry for IT                         due diligence
assets. Interestingly, both                         when selecting
echoed dataXile’s sentiment                         a service                                                  Backup tapes should be
that the industry will grow                         provider.                                                  cleaned when no longer in
              The Vault

                                        dataXile is an information security company
                                        committed to secure electronic data disposal.
        Phone: 416-657-8877             We realize that shortcuts can harm your
  E-mail:      business. Knowing this, we treat your data
                                        with the utmost respect. Security breaches
                                        regarding information destruction are
Don’t Trash Your Information—Xile it!   unacceptable.

                                        For peace of mind contact dataXile.

To top