Saying that customer data is woefully underprotected on corporate networks connected to the Internet, IBM has unveiled services that aim to make it easier and less expensive for companies to secure that data. In addition to reducing the risk of identity theft, IBM said securing data is a corporate priority because of recent U.S. laws that stipulate stiff penalties if customers’ personal information is stolen or leaked.
Big Blue said it will team with Watchfire, a Waltham, Massachusetts-based firm that specializes in online risk management software, to offer the data-privacy services for enterprises, which it calls Online Business Management Services.
The companies said a survey they commissioned found that two-thirds of the world’s largest financial institutions collect customers’ personal data via the Web with few security practices in place.
IBM chief privacy officer Harriet Pearson noted that privacy issues are sometimes overlooked in information security programs. Improving control of private data will allow corporations to “avoid potential customer backlash and litigation, which can be devastating to a company’s brand and reputation,” he said.
IBM will sell Watchfire’s software products along with its own consulting services — which already include offerings that focus on privacy and security — and other IBM software, such as the Tivoli Privacy Manager, that can control access to data.
Mark Doll, a director of the security practice at Ernst & Young, told the E-Commerce Times that many corporations have not taken steps to become compliant with new privacy regulations, despite obvious risks.
“A lot of them will believe it when they see it,” he said. “It takes a lot of work, a major investment of time and money to really address the privacy issue. A lot of companies aren’t going to do that until they see that the laws are actually being enforced.”
In the end, Doll said, the risk of bad publicity may be more of a motivating factor than any state or federal regulations. “Companies have managed to recover [from publicized security breaches], but it’s very damaging,” he added.
The Federal Trade Commission reported last month that the problem of identity theft is worse than previously thought. This crime affected nearly 10 million Americans in 2002 and 27 million since 1997, and cost U.S. businesses some US$48 billion last year alone.
Meanwhile, corporations face increasing pressure from regulators to tighten loopholes. Businesses operating in California are subject to a state law requiring that any breach of customer data be publicly revealed, and specific rules on privacy are already in place in the health-care and financial-services industries.
IBM said its automated service will ensure that even Web sites with millions of pages can be scanned regularly to check for privacy compliance. Its service also will focus on helping companies build Web sites that meet emerging standards for accessibility by the elderly and handicapped.