January 9, 2012

Data Security A Top IT Priority In 2012 | Mass. law drives up stakes of guarding against data breaches

Businesses plan to ramp up their information technology investments this year, but executives may want to exercise caution, especially here in Massachusetts, where privacy laws have made data security a high-stakes necessity.

Since early 2010, Attorney General Martha Coakley’s office had received reports of 1,316 potential data breaches in the state as of November 2011, potentially affecting more than 2 million residents, her office said.

Under a Massachusetts data security law that took effect two years ago, companies can be fined $5,000 per violation. As of November, the AG’s office had levied $118,000 in fines, much of it against a Boston-area restaurant group in 2010. But businesses should not expect enforcement activity to remain so subdued.

David Felper, an attorney with Bowditch & Dewey in Worcester who has worked with companies on drafting the information security plans the data privacy law requires, described Coakley’s approach to the law thus far as “cooperative.”

But he said it’s reasonable to assume her office will enforce the law more strictly as time goes on because companies will have had more time to get into compliance.

“There’s going to be less understanding if they’re not,” Felper said.

With the potential for more scrutiny of businesses and an expected increase in IT investments, 2012 could prove to be a banner year for the law.

A September survey of chief financial officers by Robert Half Management Resources found that the most likely company investment this year is in IT systems.

CFOs have two goals with such spending, said Ryan Sutton, a senior vice president for the division of Robert Half International.

“Cost savings is absolutely always on the top of the list; the second is better data,” Sutton said. “Roughly half of the average company’s technology spend really revolves around operational efficiency and reporting.”

In a fall 2011 report, Ernst and Young said companies investing in IT need to step up their focus on security. The global “Big Four” firm described the threat of breaches as an “after-thought in the rush to adopt new technologies.”

The way data is stored and the tools employees are using present new challenges, the firm said. About 61 percent of companies worldwide are expected to be using cloud computing services by the year’s end. And about 80 percent of firms are using or considering the use of mobile tablets, according to Framingham-based IDC.

It would seem that Massachusetts companies, held to a stricter standard than most under the 2010 security law, may not need as much warning.

Michael Miers, director of information technology at Anna Maria College in Paxton, said reaching compliance with the data law has taken time and money.

Colleges have financial and personal information from employees, students and alumni, which gives the institutions a lot to protect.

Miers said it hasn’t been a cakewalk for the small college of about 1,500 full-time students.

“When the laws first came out, we had a difficult time,” Miers said. “We’re a smaller college. Sometimes the budget funds aren’t always there.”

He estimated the school spent several hundred thousand dollars implementing systems with full-disk encryption and email encryption, among other features.

But while the law requires time and money, Miers said the college’s data security is better off for it. A lost or stolen staff laptop will be hard to crack into. And encryption software scans outgoing emails for potentially sensitive information.

On the other end of the spectrum are small businesses, which, despite their size, still have obligations under the data law.

Cathy Phillips, who co-owns Boylston-based machine shop Phillips Precision, which has about a dozen employees, said her and her husband’s backgrounds working in the technology sector made data security second nature when they opened their business in 1999.

“Not only for our customers but for ourselves, we can’t afford to have our systems go down,” Phillips said.

The company does not possess a lot of financial information from its clients, she said. But it does have plans and schematics for parts it is building for clients. Many of those plans are proprietary, which Phillips said makes it vital to protect them.
