One of the people to follow on Twitter is John Fontana (@JohnFontana), a self described “Evangelist for identity; also cloud, security for PingIdentity. ZDNet blogger. Tapping social media tools and reporting news of the day. Rando skier, cyclist”. In a recent exchange of tweets with John the topic of the day centered on recent data breaches with a focus on privacy. There was a twist in this discussion in that John was citing breaches that did not include personal information from customers or employees. The breaches were targeting corporate intellectual property (see Coke Gets Hacked And Doesn’t Tell Anyone).
Intellectual Property as Personal Information
John and I agree that just as your customers and employees have personal information that needs protection, so does your business. The intellectual property, or IP, your business holds includes the designs, the strategies, business plans, customer agreements, vendor agreements and so much more. Loss of this information can have a disastrous effect on your business if they are revealed to someone who should not see it. While the impact will be felt by far fewer people than a breach of personal information, the competitive advantage generated through the creation of the misappropriated IP is now lost to you as is your investment in the IP’s creation and future profits the IP may have generated.
Intellectual Property as Part of Your Privacy Program
Access to IP is hopefully protected by at least the same policies, technology, and business practices as the personal information you collect. In several discussions, particularly with SMBs, Privacy Ref has learned that in many cases IP has fewer protections than personal information. For a simple example, personal information is usually kept in a centralized, structured database or in a secured file share. While IP may be found in the same locations, IP is frequently also found on unencrypted executive laptops and other mobile devices. Easier access for executives, more susceptible to loss, easier access for hackers.
You can include IP protections as part of a Privacy Program Assessment to verify that your business’s own personal assets are protected.