China has published a draft of new recommendations on personal data protection. The document, "Personal Data Protection Guidelines for Public and Commercial Service Information Systems", was developed by a panel of experts and submitted for review prior to becoming a national standard for the country.
The China Software Testing Center, a government institution affiliated with the Ministry of Industry and Information Technology (MIIT), coordinated the efforts to draft the guidelines and release them for review. More than 30 government agencies, organizations and commercial entities were involved in the document.
With the release of the draft guidelines, Ouyang Wu, Deputy Director General for Information Security at MIIT, explained that the current situation for personal data protection in China is "very concerning". Criminal organizations have been exploiting the data they obtain from government and commercial databases for personal gain. China, like other countries, has had a spate of high-profile data breaches in the past year. This has raised public concern and awareness of the issue.
The draft guidelines provide procedures for the gathering, processing, transmitting and destruction of personal data. Ouyang says that organizations following the guidelines will need to follow eight principles: a clear purpose for data collection, collection of the minimum amount of personal data possible, prior notification of the collection to the individual, user consent for collection, strong security, trust and finally, accountability. Using a secure flash drive often affords both data protection and personal protection in China.
The guidelines are not mandatory. Currently, there are more than 200 laws and regulations that touch upon the area of personal data protection. However, there is no comprehensive legal framework governing this area.
In 2009, the revised penal code added a new category of crimes on "selling or illegally provisioning of citizens' personal data". However, the articles do not define what would qualify as criminal activities in this category.
Numerous financial institutions are creating plans to meet their security requirements in light of the high-profile data breaches that have been front and center in the news. Every bank should make its own personalized strategy; nevertheless, there are some fundamental actions that can be taken to enhance and improve general information risk management.
According to a study by the Ponemon Institute, criminal data breaches are on the rise, accounting for 31% of breaches in 2010, a seven-point increase from 2009. The institute also found that the typical organizational cost of a data breach climbed to $7.2 million in 2010, while the cost per compromised record averaged $214. Overall, total breach costs have grown each year since 2006.
One of the first things that any bank should undertake is to understand the information life cycle at the institution and at its branches. Take the time to investigate and determine how financial information is collected, how it is used, how it gets transmitted from one place to another, how it is stored and lastly how it is destroyed. Following this analysis, it is significantly simpler to determine where the holes or vulnerabilities are in the information chain.
The fundamental rule for managing sensitive financial information is to first determine whether you need it; if not, then do not collect it. If you do need it, collect what you need and then manage and encrypt it. Once you no longer need it, destroy it securely (whether digital or paper).
Here are a few suggestions for securing bank information:
1. Protect bank waste. Yes, you do not want to randomly throw out paper files. It is important to take the additional step of shredding paper files.
2. Identify sensitive information. Make sure supervisors know what kind of information can be used by cyber thieves and that they know how to secure it.
3. Secure the ATM. All too often, hackers place unauthorized skimming devices as well as small cameras close to ATMs in order to acquire account numbers and PINs.
4. Keep an eye out for unattended consumer information. Create a method to verify that consumer information is stored away when workers are away from their desks, whether that is a policy that it should be locked up when not in use or that computers should be turned off when the employee is away from their desk.
5. Finally, wipe clean the memory on hard drives. Make sure the memory is cleaned on all devices such as copiers, computers, fax machines and mobile devices. Working with encrypted flash drives is a key way to avoid data loss.
The cost of complacency is too high not to take these and other actions to make certain financial information does not wind up in the wrong hands. This is something that no financial institution can afford in these digital times.