The protection of data as it rests, transacts or
journeys through computer systems is seen as
a major component of good corporate hygiene.
As well as protecting organisations from reputational
risk and damaging losses, failure to
protect this data can now result in both corporate
and personal criminal prosecutions.
The growth of compliance requirements over
the past few years has sometimes been seen
as a US-based phenomenon as regulations
are implemented to address various corporate
failures and scandals over the past decade or
so. In fact, compliance, rules and regulations
to protect data stored by EU-based organisations
can be just as onerous as those originating
from the US.
This paper highlights key directives and legislation
as it affects the member states of the EU.
Data loss prevention technologies are now
seen as crucial tools to help address regulatory
and compliance requirements. These
technologies include data encryption, device
control, application control and content inspection,
which are now all being deployed by
organisations that realise the consequences of
unintended data loss.
A data loss incident should no longer seen as
an unfortunate accident; now it will be accompanied
by significant reputational risk and the
possibility of legal action against the organisation
or, even, executives personally.
Clearly, and quite rightly, data loss is now a
legal issue and IT professionals need to be
aware of their responsibilities.