2011 Data Breach & Loss Incident Readiness Guide to Help Businesses Protect
Online Trust & Confidence

In support of Data Privacy, the OTA guide addresses emerging security and
privacy threats, providing prescriptive guidance and questions every
executive must ask

Seattle, Washington – January 25, 2011 – The Online Trust
Alliance (OTA) today announced the release of the 2011 Data Breach Incident
Readiness Guide, a comprehensive guide outlining key questions and
recommendations to help businesses in breach prevention and incident
management. In the wake of increasing levels of data breaches, accidental
data losses and incidents of users’ privacy being compromised, OTA has
expanded its annual report to address the emerging security and privacy
threats impacting businesses throughout the world.
With the White House, members of Congress, Commerce
Department and the FTC calling for greater privacy controls and breach
notifications, the OTA guide represents a significant self-regulatory effort
to enhance data stewardship and consumer trust and ultimately the long-term
vitality of commerce.
Washington State Attorney General Rob McKenna says: “We
live in a digital world where organizations must defend against data
breaches and be prepared to quickly mitigate additional harm should personal
information be compromised. We encourage businesses and agencies to consider
the resources provided by the Online Trust Alliance and other organizations
as they develop their own plans to protect sensitive data.”
“In the past 5 years, over 525 million records containing
sensitive personal information have been compromised, significantly
undermining the foundation of consumer trust,” said Craig Spiezle, Executive
Director and President of the Online Trust Alliance. “With the onslaught of
criminal and deceptive business activities, we are calling on business
leaders to develop a readiness plan. Those failing to act may be faced with
increased public scrutiny, regulatory pressures and a tarnished brand
reputation.”
According to the OTA’s 2011 Data Breach Incident
Readiness Guide, the true test for organizations and businesses should be
the ability to answer key questions such as:
- Do you know what sensitive information is maintained
  by your company, where it is stored and how it is kept secure?
- Do you have an incident response team in place ready
  to respond 24/7?
- Are management teams aware of security, privacy and
  regulatory requirements related specifically to your business?
- Have you completed an audit of all data
  collection activities, including cloud services, mobile devices and
  outsourced services?
- Are you prepared to communicate to customers,
  partners and stockholders in the event of a breach or data loss
  incident?

2010 Highlights

In 2010, over 400 incidents were reported, impacting over 26 million
records at a cost to U.S. businesses of over $5.3 billion. Of these, 98%
were a result of a server exploit; yet on analysis, 90% would have been
avoidable had the recommendations outlined in the OTA report been in place.
OTA research and an industry survey indicate that the data reported is just
the tip of the iceberg, as a great majority of breaches continue to occur
undetected or unreported. While OTA encourages self-regulation and
reporting, the trends outlined in the report suggest the need for broader
transparency and self-reporting requirements.

Recommendations for Businesses and Organizations

The OTA Data Breach Incident Readiness Guide aims to raise awareness of
the severity of a data breach while helping businesses and organizations
prevent and mitigate data security and privacy crises. Walking readers
through the key points of designing a Data Incident Plan (DIP), the guide
offers insights, prescriptive advice and actionable recommendations for
businesses of all sizes. The guide aids businesses in creating an internal
plan for what to do in the aftermath of a security breach. Providing plan
fundamentals such as creating a 24-hour response team, developing vendor and
law enforcement relationships, and ideas for a crisis communication plan,
the OTA readiness guide gives key insights into questions that companies
need to ask themselves to ensure they are taking all the precautions they
can.
“The 2011 Data Breach Guide is a key resource for any
business that is committed to ensuring the privacy and security of its
consumers. OTA has done a terrific job at providing the actionable steps
that can help a company avoid a crisis and be ready to respond when one
occurs,” said Jules Polonetsky, Co-chair and Director of the Future of
Privacy Forum.
“We are encouraged by efforts of the OTA in producing
valuable guidelines for breach prevention and incident management based on
broad collaboration. This kind of industry best practice is critically
important to advancing data protection across all industries,” said Richard
Purcell, CEO and Founder, Corporate Privacy Group.
The OTA Data Breach Readiness Guide was developed in
collaboration and with support from numerous organizations, industry and
business professionals. The complete guide is available at:
https://otalliance.org/resources/Incident.html.

About The Online Trust Alliance (OTA)
https://otalliance.org

Formed in 2004,
the Online Trust Alliance (OTA) is a global non-profit organization
representing the Internet ecosystem, supporting user choice and controls,
protection of critical infrastructure, privacy and data governance,
promoting marketing best practices and self-regulation. The OTA’s mission is
to develop and advocate best practices and public policy which mitigate
emerging privacy, identity and security threats to businesses, online
services, brands, government agencies, organizations and consumers, thereby
enhancing online trust and confidence.
For media inquiries contact: