The protection of data as it rests, transacts or journeys through computer systems is seen as a major component of good corporate hygiene. As well as protecting organisations from reputational risk and damaging losses, failure to protect this data can now result in both corporate and personal criminal prosecutions.
The growth of compliance requirements over the past few years has sometimes been seen as a US-based phenomenon as regulations are implemented to address various corporate failures and scandals over the past decade or so. In fact, compliance, rules and regulations to protect data stored by EU-based organisations can be just as onerous as those originating from the US.
This paper highlights key directives and legislation as it affects the member states of the EU. Data loss prevention technologies are now seen as crucial tools to help address regulatory and compliance requirements. These technologies include data encryption, device control, application control and content inspection, which are now all being deployed by organisations that realise the consequences of unintended data loss.
A data loss incident should no longer seen as an unfortunate accident; now it will be accompanied by significant reputational risk and the possibility of legal action against the organisation or, even, executives personally.
Clearly, and quite rightly, data loss is now a legal issue and IT professionals need to be aware of their responsibilities.