This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like 2010 will see an increase in overall data breaches.
Companies collecting personal information should take proactive measures to avoid data breaches. Proactive measures include maintaining an up-to-date security policy, safeguarding sensitive data, encrypting data, turning on and monitoring system logs, and restricting access to only those who need it. (See our previous post for an example of why security implementations should be kept up to date.)
It is also important to have a preemptive response plan in place to deal with a data breach should one occur. A response plan should include means of investigating the data breach, notifying those whose records or information are potentially affected, addressing legal concerns, addressing public relations concerns, making other required notifications (such as those described here), and ensuring the data breach is not ongoing or recurring.