Excelgate Launch New Partnership with Leading Security Suppliers Offering a Holistic Approach to Data Protection

London, February 2012. Excelgate Consulting launches Excelguard -  a new, innovative  partnership with leading security suppliers, that offers  a holistic approach to data protection. The approach combines data discovery and audit from PixAlert; policy distribution and management software from MetaCompliance, eLearning solutions from VigiTrust; secure data disposal, from DataEliminate; and risk assessment and remediation services from Excelgate Consulting.

“Despite the constant stream of data breaches reported in the press day after day, many organisations are overlooking some essential steps they need to take in ensuring that a data protection culture becomes permanent” says Phil Stewart, Director of Excelgate Consulting and Secretary and Director Communications at ISSA UK.  “Creating a cultural change regarding data protection in an organization requires them to think holistically and remember that staff awareness of security policies and training need to becomes embedded, and not just a  one-off exercise when a new employee joins or changes job role.“

Looking at where undertakings have been published by the Information Commissioner in the UK , committing organisations to improve data protection compliance, there is a common theme running amongst them. Nearly all the undertakings issued to date (88%) require staff awareness of the organisations’ personal data handling policy and staff training where appropriate. Most of the undertakings also specify “other security measures.. for the “accidental loss/ destruction [of personal data]”. The undertakings also highlight there are still too many cases where personal data is being left exposed: unencrypted, found in skips, in waste paper bins or left in cars or trains.

“PixAlert is delighted to be a partner with Excelgate’s Holistic Approach to Data Protection as it is a security initiative that we firmly endorse through our data auditing solutions.” Says Ger Curtin, CEO of PixAlert. “ In order to protect your data you must know where to find it and in implementing a data security framework, visibility into network exposures is a vital first step in assessing risk and an essential component in protecting data as a strategic and valuable corporate asset.”

“At the heart of any compliance regime should be the realisation that prevention is better than cure.  “ says Robert O’Brien, CEO of MetaCompliance. “Getting higher levels of user awareness in the area of Privacy and Compliance is key to mitigating the risk of a compliance incident. Organisations need to use every tool at their disposal, and Excelguard is an invaluable addition to the compliance management armoury.”

“This new offering from Excelgate Consulting allows organisations to take steps to create a data protection culture. Regular training of staff, through a variety of methods, is a key element of this. “ says Mathieu Gorge, CEO of Vigitrust. “eLearning is a good alternative to face to face training where there are time and costs constraints in the business. It allows organisations to train users at their own pace, and suit the training schedule around the demands of the business, rather than an entire department taking several days out of the business for training. Employers can demonstrate compliance with training requirements at a click of a button which is a key requirement of most of these undertakings from the ICO”

“Excelgate’s exciting new initiative provides customers with a 360 degree solution from setting-up simple and practical measures to deploying high-tech defences,” says Julian Fraser, Director of Data Eliminate,   “It’s humans who represent the vulnerability in almost every case.  Excelguard addresses that issue head-on.”

“Everyone I’ve spoken to has been extremely enthusiastic about this new offering” says Phil Stewart. “Nearly all of the undertakings issued by the ICO can be attributed to lack of staff awareness of policy, lack of training, no methods for secure disposal of data and no visibility of where the personal data lies within an organization. This offering provides a good foundation for data protection compliance moving forward. Compliance with standards is a given, but what this offering does is address long-term weaknesses in organisations which in turn helps them maintain their compliance levels and thus reduce their overall costs of compliance. “

Excelguard is the new holistic data  protection compliance offering from Excelgate Consulting, Data Eliminate, MetaCompliance, PixAlert and VigiTrust. Further information can be found at:

www.excelgate.co.uk/excelguard.html

Pixalert Launch New PCI DSS Solution To Help Businesses Simplify PCI Scope & Achieve Compliancy Faster

PixAlert is a market leader in the discovery and protection of unsecured, unstructured sensitive corporate information is delighted to announce the launch of its new PCI DSS Scope Assessment product. PixAlert’s latest PCI DSS innovation provides a fully automated mechanism to help organisations find where CHD Card Holder Data is stored on any part of the corporate network and help them understand the scope of their CHD exposures while creating the necessary groundwork for successful and continuous PCI DSS certification.

PCI DSS is the global data security standard that businesses must adhere to in order to accept payment cards and to store, process and/or transmit CHD Card Holder Data.  

Commenting on the launch, Gerard Curtin, CEO, PixAlert stated ‘getting started with PCI Data Security Standard can be a complex and daunting task for many organisations who are obliged to meet this critical payment card industry requirement.    Essentially, before an organisation can start to protect sensitive and valuable CHD card holder data, the first and most critical step is to locate where CHD is stored within an entire data environment – before you can protect it, you must find it! Our latest PCI DSS scope assessment solution provides an automated mechanism to rapidly discover where card holder data is stored extensively on any part of the corporate network. This helps businesses to understand the scale of their CHD exposures while improving PCI DSS certification success rate in a structured and continuous basis’ stated Mr. Curtin.

The PCI Security Standards Council specifies a framework of 12 requirements for a secure payment environment but for the purposes of PCI DSS compliance, its principle for ensuring vigilant assurance of CHD data safety is held within the three step process of: assessment, remediate and reporting. PixAlert’s latest PCI DSS SCOPE Assessment solution fulfils these requirements through the continual methodology of:

►           Auditing: comprehensive scan of all network wide resources (files servers, mail servers, desktops, laptops), to efficiently discover and identify where CHD components (both structured and semi-structured card details) are stored across a network.  

►           Remediate/Reporting : intelligent and actionable reporting to provide users with visibility and control over the extent of their CHD components (both in and out of the scope environment). In identifying vulnerabilities, it enables an organisation to take proactive, corrective action in remediating CHD through the implementation of controls and updated risk assessments.

Regular audits will demonstrate that PCI DSS is being continuously monitored and maintained through automated scans and reporting structures which ensure that consistent security measures and compliancy standards are being upheld constantly.

Through a well-defined CHD discovery process, PixAlert’s PCI DSS SCOPE Assessment process will help organisations achieve certification in a more efficient manner, while enhancing risk control measures through reducing the occurrence of CHD leakage and continuous PCI capability assessment. Key benefits for organisations that have responsibility to manage CHD and are obliged to adhere to continuous and vigilant PCI data security standards include:

Gerard Curtin, CEO of PixAlert will be a guest speaker at the PCI European Roadshow in London on the 31^st January and Dublin 02 February 2012. For further information on PixAlert’s PCI DSS product capabilities see PCI DSS SCOPE Assessment or for free trial demonstration contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it . For further press enquiries, please contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it Tel: +353 1 8994750/ US: +1 202 657 4925/ UK: +44 1223 421045 www.pixalert.com

About PixAlert                                                                                                                                                    

With a growing and constant challenge of protecting corporate reputation, brand integrity, employees and customers against the risk of data exposure, leakage of sensitive information and inappropriate image distribution, PixAlert provides pioneering security software and services to help manage and protect corporate networks. PixAlert detection technologies help organisations save time and energy while significantly reducing costs by supplying best practice solutions, which help prevent data leakage, comply with legislation, enforce corporate policies and protect against legal proceedings and brand damage. 

PixAlert’s portfolio of market leading data loss protection and image detection software provide solutions to an extensive range of global clients within the financial, healthcare, pharmaceutical and public sector industries. The company’s Head Office is in based in the Digital Hub, Dublin with sub-offices in UK and US.  www.pixalert.com

PixAlert Urge Businesses to Prepare For Tougher EU Data Breach Rules

PixAlert the market leader in the detection and prevention from the risk of critical data loss and inappropriate image content is urging businesses to prepare for new proposals in EU data protection regulation which are currently under review in consultation stage.  The European Commission is currently seeking to widen the scope of data protection legislation with a new mandatory reporting directive for all data loss breach incidents.

It is expected that the introduction of new mandatory reporting laws will require businesses to put further data security controls in place to help ensure they are aware of where critical, company sensitive data is stored.  Commenting on these developments, Gerard Curtin, CEO of PixAlert stated, ‘Mandatory reporting will help bring about more clarity to the amount of data being lost and improve efforts to prevent breaches. With its eventuality clearly on the horizon, businesses need to address data protection seriously and proactively prepare to ensure that sufficient security structures and controls exist. If a company is seen as being unable to protect client data or in breach of regulation, penalties are likely to be imposed’ stated Mr. Curtin.

The EU implemented new amendments to Directive 2002/58/EC on the protection of privacy in the Privacy and Electronic Communications Directive which introduced breach notification rules and penalties for Internet Service and Telecoms providers requiring that operators secure personal data properly and inform their customers and data protection authorities promptly when client data is lost or breached. This directive was enacted as law in Ireland and UK earlier this summer. 

The EU’s Justice Commissioner Viviane Reding  stated in June this year that new data protection changes would ensure that all businesses take data protection seriously with an intention to introduce a mandatory requirement to notify data security breaches across all sectors including banking and financial services ‘Data breaches have eroded consumers trust and banks and businesses will need to take data protection much more seriously if they want to avoid future reputation damage’ Reding stated.  The Commission is expected to present its proposal to the European Parliament and the Council of the EU in 2011 which will agree on the final text in the co-legislation procedure (Article 16, Treaty on the Functioning of the European Union [2008] OJ C 115/47).

These latest move serves to incentivise businesses to conduct serous risk assessments to protect personal data and to implement appropriate security measures protecting the confidentiality, integrity and availability of personal data. 

In preparing for mandatory reporting, part of the security process is to establish and have a comprehensive understanding of where critical and company sensitive information resides on the corporate network.  According to Gerard Curtin of PixAlert ‘data discovery is an essential factor in risk mitigation and a control in assessing governance and compliance capabilities  – before you can protect your data, you must be able to find it!’.   Data auditing helps ensure that critical data assets are safeguarded and that the security process is working effectively, enabling organisations to identify and proactively react to vulnerabilities.

PixAlert deploy world-class scalable information audit solutions which enable organizations to discover where sensitive data and inappropriate images reside across networks.  PixAlert enterprise content audit solutions and managed services help to safeguard brand integrity and reputation through its market leading data discovery and illicit image detection and security software products. Further information is available at www.pixalert.com, for further press enquiries contact Niamh Hayes, Marketing Advisor on 353-1-8994750

10th August 2011

EMERGING TRENDS TOWARDS MANDATORY REPORTING OF DATA BREACHES

The implications of data protection law have been recently propelled into the public domain with the steady increase in the volume of reported high profile data breaches and security incidents.  While these breaches have been well publicised, timely notification to customers whose data has been compromised lacks clarity as it is tied up in a wide range of rules and regulations which are further complicated by the multi-national diversity of affected customer groups.  This paper looks at breach reporting law in different regions of the world and identifies an emerging directive towards a new mandatory reporting regime.

The current movement by regulators towards mandatory reporting legislation will obligate data controllers to notify data subjects when their personal data has been leaked.  In particular, the EU and US appear to be pushing this agenda as a priority data protection initiative. The US has had some mandate for reporting in place with new standardised legislation in discussion.    However until mandatory reporting legislation is in place,  the extent of data breaches will not be fully realised and lack of enforcement and penalties will only to serve to accelerate breach incidents and insufficient security measures.  Given the general reluctance by businesses to adequately secure and protect client personal and sensitive data, the introduction of mandatory reporting and legal sanctions are believed to be the necessary catalyst to enforce best practice security procedures.

EU TRENDS

A growing number of EU and European Economic Area (EEA) countries are developing rules on data breach notification, however there is currently no general breach notification requirement in Directive 95/46/EC on data protection (Data Protection Directive).  Some countries have adopted statutory laws that oblige organisations to report data breaches and in other states voluntary guidance issued by the data protection authorities exists.

In its ongoing review of the European data protection framework,  the European Commission published a communication outlining among other things, its intention to introduce a general data breach notification obligation (A comprehensive approach on personal data protection in the European Union COM(2010) 609 final, 4 November 2010). It didn’t however specify the scope of this obligation, in particular who should be notified and the criteria that would trigger the notification obligation.  

In the absence of explicit legislation, approaches to data breach notification vary within member states.   Countries including Austria, Norway, Germany & Spain have implemented mandatory breach notification, where organisations are obliged to report and notify data breaches across public and private sectors.  Voluntary reporting currently operates within Denmark, Ireland and UK where an assortment of different criteria, guidance and reporting procedures exist. Since April 2010, the UK’s Information Commissioner's Office (ICO) within the UK Data Protection Act, has had the authority to impose monetary penalties of up to GB£500,000 and since April 2010, the ICO has imposed fines on four occasions to the value of £240,000.
 
Generally, all EU institutions support mandatory breach notification applying to all sectors. The Commission is expected to present its proposal to the European Parliament and the Council of the EU in 2011 which will agree on the final text in the co-legislation procedure (Article 16, Treaty on the Functioning of the European Union [2008] OJ C 115/47). Once the legislation is published the directive will be proposed and implemented accordingly.

The EU has recently implemented new amendments to Directive 2002/58/EC on the protection of privacy in the electronic communications sector (Privacy and Electronic Communications Directive), which introduced breach notification rules for internet service and Telecoms providers. The rules require that operators secure personal data properly and inform their customers and data protection authorities promptly when personal data is lost or breached. Data breach disclosure and mandatory reporting procedures have yet to be interpreted by individual member states who must transpose the directive into internal law.

The directive is leaning towards a mandatory reporting regime for all data loss breach incidents with the EU currently seeking to widen scope of data protection laws.  Speaking recently, the EU’s Justice Commissioner Viviane Reding stated that recent data protection changes would ensure that all businesses take data protection seriously with an intention to introduce a mandatory requirement to notify data security breaches across all sectors including banking and financial services.  This latest move serves to incentivise businesses to conduct serous risk assessments to protect personal data and to implement appropriate security measures protecting the confidentiality, integrity and availability of personal data. Reding explained that the Commission’s proposals to change data protection legislation would be revealed in the coming months and that she would meet with individual ministers to discuss the plans. ‘We have consulted widely on this major reform and we’ve taken into account many suggestions and concerns of experts and stakeholders’ she added.    

US TRENDS

In the US, more than 45 states have enacted laws imposing notification obligations on data security breach.   In general, state security breach notification laws are understood to be modelled on the California Security Breach Notification Act which came into force in July 2007 and made it compulsory to provide notification of security breaches to consumers affected by the breach.  Affected individuals must be notified as soon as possible, but the law does not require notification to any administrative authority.   Most other US states require organizations to notify individuals of a breach.  Several states also impose notification obligations in case of a risk of harm to an individual, such as identity theft. Only a few states require notification to the relevant authorities resulting in a mishmash of data breach laws across the country.

One piece of legislation being introduced The Data Security and Breach Notification Act 2011 by Senator Patrick Leahy and co-sponsored by Senator Charles Schumer and Ben Cardin would mandate organizations that possess personal information to put in place "reasonable" security procedures to keep that data secure. Should the organization endure a breach, those affected would have to be notified.  The move towards mandatory reporting within the US is also gaining momentum with a recent announcement of new draft legislation by Congress.  Senator Mary Bono Mack, Chairman of the House Subcommittee on Commerce Manufacturing and Trade has released a discussion document of the Secure and Fortify Data Act (SAFE Data Act) which will also see companies provide a basic level of protection for consumers' personal information and government notification when data is stolen.
 
This new legislation comes in the backdrop of enormous, high profile data breaches in multinational companies like Sony and Epsilon in recent months.  Under the new bill companies will have to dispose of old or unnecessary data as well as notify the government within 48 hours of discovering a breach, unless the breach is an accident. .  The legislation will also grant the Federal Trade Commissioner limited authority over data protection in non profitable organizations ie. universities and charities. 

OTHER GLOBAL PRACTICE

In Australia, the introduction of mandatory breach notification is being considered, however the government has not yet proposed the relevant amendments.  In place of any legislation, voluntary guidance issued by the Office of the Privacy Commissioner of Australia applies however there is no clarity on what specific data elements are covered.  These guidelines largely resemble those of new voluntary breach notification guidelines issued by the New Zealand Privacy Commissioner in February 2008 which apply to private sector organisations and recommend that individuals should be notified, as soon as reasonably possible, when there is a foreseeable risk of harm. 

In Japan, two models exist, depending on the authority to which the breach must be notified. Under the revised Financial Services Agency's guidelines, applicable to financial services providers only, breach notification is mandatory while in contrast, under the Ministry of Economy, Trade and Industry's guidelines notification is recommended however not mandatory.  Notification is not expected when the rights and interests of the individuals have not been or are not likely to be infringed by the breach, for example, when data was recovered immediately or when advanced encryption was used.

FRAGMENTED POLICIES

Within this challenging ‘mixed bag’ framework of varied legislative rules and regulations, the consequences for organizations operating in the marketplace are fragmented and this lack of cohesion can result in insufficient procedures with significant cost implications for organizations.  In particular, global multinationals face the task of operating in multiple jurisdictions and must ensure necessary compliance within numerous regulatory markets.  In a situation where an organisation might facing legal redress yet not a regulatory fine, while facing the latter elsewhere, the rules can be confusing and counterproductive.  Regardless of geographical constraints and rules, organizations must take appropriate security measures to protect their customers’ personal data. 

Businesses often struggle to implement proper policies and controls that are required to prepare for and mitigate the legal, regulatory and financial risks associated with a security failure – both before and after a data breach occurs.  In addition, many organizations ignore the more long-term intangible costs that data breach creates including damage to corporate reputation, brand integrity, customer loyalty and decline in share value.

UNIFIED SOLUTIONS

In order to be prepared for mandatory reporting it is essential to have a full and comprehensive understanding of where all critical and company sensitive information resides on the corporate network.  Data discovery is a fundamental factor in risk mitigation and a control in assessing governance and compliance capabilities.  By implementing data auditing software, unsecured and sensitive information can be regularly and efficiently analysed to classify, discover and report on where critical information resides, enabling users to identify and proactively react to vulnerabilities.

PixAlert’s Critical Data Auditor is an enterprise ready, scalable solution which helps empower management through clear visibility of important data combined with meaningful and actionable results, helping protect against data loss while improving compliance and safeguarding corporate reputation. 
 

CONCLUSION

In today’s evolving regulatory global environment, it is vital for organizations to have effective data protection measures in place.  If a company is seen as being unable to protect client data, the immediate and long term consequences can be harmful and difficult to dispel.  The imminent introduction of new mandatory reporting laws will require businesses to put further data security controls in place in order to ensure they are aware of where critical, company sensitive data is stored.   Mandatory reporting will help bring about more clarity to the amount of data being lost and improve efforts to prevent breaches. With its eventuality clearly on the horizon, businesses need to address data protection seriously and proactively prepare and ensure that sufficient security structures and controls exist. 

The rising risk and cost of data breach can be effectively managed - through implementing data security software and policies, organizations can significantly mitigate risk, gain content visibility of critical and exposed data and ultimately take full control of their corporate data and IT assets.

ABOUT PIXALERT

PixAlert deploy world-class scalable information audit solutions which enable organizations to discover where sensitive data and inappropriate images reside across networks.  PixAlert’s enterprise content audit solutions and managed services help to safeguard brand integrity and reputation through its market leading data discovery and illicit image detection and security software products.

PixAlert is an Irish technology company who have been protecting corporate reputation and brand integrity of financial, healthcare, pharma and public sector organizations since 1999 through its innovative and advanced portfolio of critical data and image protection solutions.  The company currently has a client base of over 200 companies covering EMEA, AsiaPAC and the US territories. PixAlert is based in Dublin, Ireland and has sales offices in the UK, US, Australia and New Zealand.

DISCLAIMER NOTICE

Statements and opinions expressed within PixAlert articles, blogs and other materials herein are those of the authors, editors and publishers.  While every care has been taken in the compilation of this information and every attempt made to present accurate information, we cannot guarantee that inaccuracies will not occur. PixAlert will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through our website.

The content of any organisations websites which you link to from articles are entirely out of the control of PixAlert and you proceed at your own risk. These links are provided purely for your convenience. They do not imply PixAlert’s endorsement or association with any products, services, content, information or materials offered by or accessible to you at the organisations site.  All copyright and trade marks accessible via the links from PixAlert are owned by the respective website owners, or their licensors.

PRESS RELEASE

PixAlert Launch New Data and Image Auditor Web Trial Download

See published article in Silicon Republic 4th July 2011

PixAlert the market leader in the detection and prevention from risk of critical data loss and inappropriate image content has launched a new web trial facility of its popular Auditor product which enables users gain insight into critical data and inappropriate image vulnerabilities on corporate networks.   By testing the software’s unique capabilities, the trial facility will allow users run a limited number of critical data and image scans on a specified directory, helping to provide visibility in identifying specific exposures that exist within a network. 

Commenting on the Auditor web trial, Gerard Curtin CEO of PixAlert stated ‘with a steady increase in the volume and cost of corporate data breach incidents and the ongoing threat posed by inappropriate image distribution, network visibility is an invaluable part of the security process and an essential starting point in minimising risk.  The discovery process can be an enlightening experience in pinpointing and indentifying where weaknesses exist, allowing organisations take protective measures and put best practice security procedures in place.  PixAlert’s Auditor trial will help organisations realise some of these risks by highlighting specific data and image issues that may exist and through informed reporting, take further action if required’ stated Mr. Curtin.
 
The new easily deployed Auditor download, which offers a 14 day trial facility, can be downloaded free of charge from PixAlert.com.  PixAlert’s Critical Data and Image Auditor products enable organisations to rapidly identify and comprehensively discover where sensitive data and inappropriate images risk reside across corporate networks, helping organisations safeguard, manage and protect critical, unsecured and valuable corporate sensitive information.
 
With a growing and constant challenge of protecting corporate reputation, brand integrity and employees against the risk of misuse of inappropriate imagery and exposure of sensitive critical data on networks, PixAlert is providing pioneering security software to help manage and protect network systems.  PixAlert’s enterprise content audit software helps organisations save on time and productivity while significantly reducing costs by supplying best practice security solutions which comply with legislation, enforce corporate policies, enhance working environments and protect against legal proceedings and brand damage. 

PixAlert provides content audit solutions and managed services to financial, healthcare, pharmaceutical and public sector organisations.  The company currently have a client base throughout Ireland, UK, Middle East, USA, Canada, Australia and New Zealand and is based in the Digital Hub, Dublin, Ireland with offices in UK and US.  Further information is available at www.pixalert.com or contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it or contact Niamh Hayes, Marketing Advisor, PixAlert on +353-1-8994750

June 2011