UNEMPLOYMENT
INSURANCE / SOCIAL SECURITY
Family and Medical Leave Act, Military Family Leave Final Regulations 
Get important background information concerning the FMLA rule changes, along with succinct explanations of the new rules and how they have changed from prior regulations.
Companies are not following simple data security procedures in seven high-risk scenarios, according to a study released in December by the Ponemon Institute, a privacy information management research firm. The report, "Data Security Policies are not Enforced," is based on a survey of 893 IT professionals and sponsored by Red Cannon Security, a provider of data security services.
According to the study, 39 percent of employees surveyed said they have lost a PDA, cellular phone, USB memory stick, zip drive, or laptop computer that contained sensitive or confidential business information. Fifty-six percent believe their employer would never be able to determine the type of data contained on a lost device.
"Data breaches remain the leading cause of financial losses in business, with over 75 percent of Fortune 1000 companies falling victim to data leakage, and this is not going to change without improvements in the enforcement of data security policies," said RedCannon.
The study dentifies problems with the current rules in effect at the workplace, as well as the problems with enforcement of those rules. Most importantly, it shows employee naivete towards this problem, with most staff members unaware of the rules in place, or uncaring due to lack of obvious consequences.
The survey offers information on what is the most frequently lost portable storage device, the numbers of employees downloading personal software onto work computers, and statistics concerning how many portable devices that were lost had unprotected data on them, among other similarly invaluable information.
The report addresses risks associated with the storage and transportation of confidential information, policies regarding lost portable devices, the lack of enforcement of existing policies concerning data security, and employees' lack of awareness about such policies. Only 10 percent of those surveyed said their organization has a policy to deal with the loss of a portable storage device containing sensitive information. With today's technology, data is more portable than ever before. E-Mail, smartphones, MP3 players, and USB memory sticks are all examples of the many ways data can be transported and viewed away from computers.
The study reveals a number of key findings:
51 percent of employees copy confidential company information onto USB memory sticks; 87 percent believe that company policy forbids doing so;
45 percent of employees access web-based email accounts from their workplace computer; 74 percent say there is no policy forbidding it;
39 percent have lost or misplaced a portable data-bearing device; 72 percent failed to immediately report the loss;
45 percent download personal software onto a company-assigned computer; 60 percent say no company policy forbids it;
33 percent send workplace documents to home computer as an attachment in email; 48 percent stated they were unsure whether doing so violates company policy;
17 percent turn off security settings or firewalls on their workplace computers; 80 percent are unsure whether this violates policy;
46 percent say they share passwords with coworkers; although 67 percent believe policy forbids doing so.
"Privacy and data protection policies are meaningless if they do not address the full spectrum of threats and if they are not enforced," the Ponemon Institute noted. "The development of comprehensive policies, along with training and stringent enforcement of those policies, should be a priority."
For additional information on this and other HR topics, consult CCH Human Resources Management or Personnel Practices/Communications.
Visit our News Library to read more news stories.
©2009, CCH. All Rights Reserved.
