Thales Blog

Staying On The Right Side Of The Law Vis-à-vis Protecting Sensitive Data

February 12, 2013

If you want to understand the legal requirements for encryption in Europe and Asia, Stewart Room has the answer for you. Stewart, a partner and IT security specialist with Field Fisher Waterhouse LLP, today published the findings of research his team conducted into the legal requirements for encryption of personal data in Europe and Asia. The paper examines the legal obligation to encrypt personal data in both Europe – with particular focus on the United Kingdom, France, Germany and Spain, and in Asia – focusing on Singapore, South Korea and Japan. My company commissioned this research because we’ve had so many customer inquiries — across industries and geographies — about how to protect sensitive data in ways that satisfy legal requirements.

If you are an IT security or compliance professional handling data in Europe and Asia, this paper is an absolute must-read. The study highlights the current legal obligation to protect information in general, as well as specifically in the financial services industry. It also provides details on the obligations to stay on the right side of the law when handling personal information.

The legal focus on encryption has progressed from traditional data-loss vectors like laptops and storage media to now include databases, unstructured data, Big Data, the cloud and application data. Encryption represents the most comprehensive means of keeping sensitive data safe and certifying compliance.

With the increased demand for transparency following security breaches, and tougher monetary penalties and legal sanctions for negligence, Mr. Room concludes that, “encryption of data is not only a reasonable expectation – but a near necessity.”

For organizations that want to protect what matters and keep their legal bills low, we agree with Mr. Room that changing the state of sensitive data is a great way to mitigate business risk. Breaches are bound to occur, but encrypting sensitive data can thwart the attack from within the system. Please enjoy the paper with our compliments.

Paul Ayers is vice president of EMEA at Vormetric.