Retailers need to understand where their data is

The data vaulting firm's comments as the latest (Feb 1) research from Deloitte claims to show that 86 per cent of retailers have never performed an inventory to check where customer data is stored and how that information is managed.

"The Deloitte findings confirm our own worst fears when it comes to data losses, as witnessed by the high-profile TK Maxx customer card information losses of more than a year ago and, of course, the recent laptop and data losses by various government agencies in the UK," said Calum Macleod, Cyber-Ark's European director.

According to Macleod, despite the corporate governance issues involved in the Companies Act 2006 - the provisions of which are due to be phased in later this year - and the PCI-DSS (Payment Card Industry Data Security Standard), which major retailers processing card transactions must now abide by, it is clear that many retailers are not fully aware of where there data actually resides. "Most companies *think* they know where their customer and allied data is on their IT resource but, as the Deloitte research reveals, most of them have not actually carried out an audit in this regard. The potential ramifications from this fact are quite staggering," he said.

Macleod went on to say that retailers should conduct an information audit as a matter of priority and, based on their findings, should take steps to protect their customer data, if they are to avoid possible prosecution under the Data Protection Act.

"And that's before the provisions of the Companies Act 2006 begin to get teeth," he said.