After a Breach: 3 Lessons Limiting Data Collection, Storage Common After an Incident
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

About half of 500 surveyed U.S. organizations that have experienced a breach subsequently took steps to limit personal data collected and limit sharing of the data with third parties, says Ozzie Fonseca, senior director at Experian Data Breach Resolution, the survey sponsor. About 42 percent limited the amount of personal data stored.

"Collecting and storing unnecessary information is never a good idea," Fonseca says.

In an interview, Fonseca says the survey of U.S. companies in various industries, conducted by the Ponemon Group, also determined that after a breach:

  • Many organizations put in place training and awareness programs to help reduce the risks of future breaches.
  • Most increased their security budgets, and 28 percent hired additional IT staff.
  • In addition, the actions most often taken to help reduce negative consequences of a breach were to hire legal counsel and forensics experts.

Fonseca is a Certified Information Privacy Professional who serves as senior director at Experian Data Breach Resolution. He has worked in the identity protection arena for nearly a decade.

Around the Network