Scott Larson was interviewed for the SC Magazine article “NIST releases draft guidelines for data protection.” An excerpt from the article:
Scott Larson, a computer forensic consulting executive, told SCMagazineUS.com on Thursday that he thinks the guidelines are timely and that there will be an increased focus on privacy protection once President-elect Obama takes office next week.
“I think with a change in administration, a lot of these data privacy issues will be re-examined,” Larson said.
There has been increased concern about how federal agencies are storing, accessing and mining for data, he said.
PII can include things such as names, personal identification numbers (Social Security number, passport number, driver’s license number, credit card number), address information, and other personal characteristics (photos, fingerprints, retina scans).
The report also recommends that organizations create policies for handling PII, with clearly defined consequences if they are not followed. Entities should provide education, training, and awareness to employees on protecting PII. The document contains exercises with scenarios involving PII and questions to build skills and teach employees how to handle it.
Larson said organizations may struggle with one of the recommendations, which asks them to categorize data based on its level of confidentiality. Agencies simply may be unable to accomplish this because they don’t have enough employees.
“Sometimes it comes down to resources,” Larson said.
Larson said encryption or obfuscation are the most effective ways to protect data.