|
Press Release
Informative Graphics Corporation Releases Strategies for
Securing Privileged Information, Reducing Data Breaches through
Electronic Redaction
Redaction a Key Consideration for Protecting Personally Identifiable
Information and Mitigating Risk in Intentional and Inadvertent
Breaches
SCOTTSDALE, Ariz.—March 2, 2009— Informative
Graphics Corporation (IGC), a leader in content visualization,
collaboration and redaction technology, today issued a paper
on recommended
strategies for protecting Personally Identifiable Information
(PII) as data breaches rise worldwide. Entitled Electronic Redaction:
How to Properly Redact Documents, the paper defines
proper redaction and methods for securing privileged information.
The paper is available for free download at http://www.redact-it.com/whitepapers/.
According to Nemertes Research, “Redaction should be considered for
PII in archived personnel records to mitigate risk in an intentional
or inadvertent breach. Though historically a legal/litigation function,
the need for redaction ties directly to archive, retention and enterprise
content management (ECM) policies to protect personally identifiable
information (PII). This requirement is highlighted in Nemertes' benchmark,
Security and Information Protection, in which 52.6% of participants
say that the most costly regulations to comply with are the privacy-related
regulations: HIPAA, FERPA, GLBA, PCI and CA SB1386. PII that isn't
needed should be redacted.”
Many states with data breach laws specifically mention data redaction
as offering an exemption to disclosure requirements (as is the case
in Arizona's Senate Bill 1338). States that have information-breach-notification
laws hold businesses liable for the security of nonpublic personal
information (NPI) and several states have made it a criminal offense
to steal personally identifiable information. Arizona House Bill 2484,
for example, makes identity theft a felony. An example of compliance
would be to redact customer privacy data so that it would no longer
be accessible to unauthorized parties. With the proper redaction solution,
organizations can meet the needs of businesses while reducing data
security risks.
Unauthorized access to privileged information impacts state and local
governments, major corporations, small businesses and universities,
exposing organizations to potential legal challenges or even criminal
charges. Because of these concerns, IGC has issued recommendations
to help organizations protect sensitive content. These guidelines
include:
- Inspire an across-the-board culture of familiarity and participation
in security procedure. Security of information involves principals
throughout the business. Therefore, a general agreement of content
security processes must be established to create an effective security
strategy.
- Implement new security technologies incrementally. While the
long-term mission should be defined, focus on near-term landmark
goals where possible to build an early and attainable record of
success.
- Automate security processes to minimize human error. Enterprise
Content Management (ECM) systems provide access to an organization’s
file-based data, and as a result, can expose sensitive information
to unauthorized users. An automated way to prevent this is intelligent
removal of privacy information and sensitive content from files
using integrated, role-based electronic redaction.
- Select a redaction expert to trust with sensitive information.
This person will be responsible for setting up the company’s redaction
policy, including recommending or selecting the redaction tool (or
working with the IT department to do so), learning to use the selected
tool properly, and then either performing all redactions or training
other users.
- Write a formal redaction policy with respect to who performs
redaction, what kind of documents require it, and training required
for current and new employees.
- Identify the organization’s redaction needs. A redaction tool
that fits business needs can save significant financial and human
resources.
IGC provides automated electronic redaction-enabled technologies that
integrate with today’s leading ECM platforms to address security of
privacy data. Solutions include Redact-It
Enterprise®, a highly scalable, fault-tolerant redaction server
for bulk processing of document and image files on-demand as part
of a workflow process. The software is used by state and local governments,
law firms and corporate legal departments to cleanse privacy information.
Documents include government forms, digital documents and files retrieved
for litigation purposes and public records. Redact-It is tightly integrated
into leading enterprise content management (ECM) systems and scan/capture
systems such as EMC Documentum, Interwoven WorkSite, Kofax Ascent
Capture, Microsoft SharePoint, and Open Text Livelink ECM.
“The number of data breaches over the past twelve months has been
staggering,” said Gary Heath, President and CEO of IGC“ Moving forward,
organizations are challenged with managing and securing critical corporate
and consumer content and therefore need to be aware of today’s risks.
With advanced electronic redaction resources at their disposal, IT
professionals will be in better shape to protect information under
their watch.”
Electronic Redaction: How to Properly Redact Documents is available
for free download now at http://www.redact-it.com/whitepapers/.
About Informative Graphics (www.infograph.com)
Informative Graphics Corporation (IGC),
founded in 1990, is a leading developer of commercial software
products for viewing, collaboration and redaction. IGC products,
including Redact-It and viewing/collaboration/annotation tool
Brava!, are renowned for their cost-saving value, ease-of-use,
features, and scalability and are deployed by thousands of
corporations, law firms, and government entities in the United
States and internationally. IGC maintains offices in the United
States and partners with key distribution partners worldwide.
Contact
###
Note to Editors: Informative Graphics, Brava! and Redact-It are registered
trademarks of Informative Graphics Corporation. All other names are
the properties of their respective owners. |
|
