When A Company Folds, Who Guards Your Data's Privacy?

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO.

Indeed, the territory is new and uncharted at least at these depths. "A lot depends on what the data was intended to be used for," says Claypoole. "For example, if DNA was collected from employees as part of a health screening, that information is generally protected. But, if the DNA was collected as part of an employee ID system, the DNA can be sold."

Liability Issues for IT Increasing?

For now, CIOs are in a precarious position. "CIOs and CEOs can't destroy the data or they could be charged with destroying a company asset," explains Claypoole. "Yet, you can't ignore the issue because it could come back to haunt you later."

In a desperate effort to either cope or profit, some CIOs and CEOs are taking their own steps and storing data elsewhere or even taking servers home, says Sanjay Anand, president of consulting and training firm GRC Group, and dubbed "Mr. Sarbanes-Oxley" by many in the industry.

"Generally the CIO's personal liability is very limited as long as adherence to guidelines is demonstrated," says Anand. "But we are hearing of cases where CIOs are directly responsible for the drives going missing, and in those cases we have already seen the first signs of litigation."

The thorniest problem is when IT people working offshore for US companies make off with servers, drives or data, he says. It's hard for US companies to track the IT people down, though the firms have started to litigate the issue, Anand says.

Eventually the matter may be sorted out in a regulatory way, but don't look for immediate answers, Anand says. "The new administration has its hands full with broader financial issues, and is unlikely to focus on just this narrow aspect anytime soon," says Anand.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags CIO roledata security

More about AladdinAladdin Knowledge SystemsBillBurton GroupetworkFTCGoodwin Procter

Show Comments
<img height="1" width="1" style="border-style:none;" alt="" src="//insight.adsrvr.org/track/evnt/?adv=bitgblf&ct=0:jkis3bum&fmt=3"/>