Data Privacy on Fire
For the past 20 years or so, data breach headlines continue to capture public and legal attention. Significant data breaches are chronicled at the Privacy Rights Clearinghouse on this page.

Whether the sources of the breach is from phishing, ransomware, an insider, unprotected database, spreadsheet, or stolen laptop, there is one common truth: criminals are willing and able to find as many ways as possible to access and exploit personally identifiable information (PII).

Sparks Everywhere
According to PC World, “there are a few factors that combine to fuel this trend. First, credit card data and related customer information are a goldmine for attackers. The information can be used to clone credit cards, and the associated personal details may be useful for additional credit fraud and identity theft.”

The aging but still apt article entitled Retailer Data Breach Trend Not Likely to End Soon focuses on just what happens in the retail and restaurant industry. However, these incidents are not confined to those sectors, and occur in BFSI, healthcare, educational institutions, and government. So for a problem that is so rampant, what’s being done to better protect consumer data?

From the standpoints of consumers trying to protect their privacy and corporations maintaining their data, the most common defenses are prevention, detection, and remediation. But the reality is things are getting worse, not better.

Let it Burn?
IRI has a different strategy – breach nullification. Yes, of course do everything you can to prevent access to the data. Secure the network with firewalls, sniffers, appliances, and by all means lock down your databases and devices.

But at the end of the day, if the thieves finally do get access to that data at rest, is all lost? We say no. What the PII columns or values in your data sources were already masked with granular protection functions (much less one that you could keep changing)? It’s much harder to identify or impersonate a consumer from an exposed record (even if just one column were decrypted) when their associated data have their own encryption, redaction, hashing, tokenization, or other concealment function applied … functions the same thief cannot readily reverse.  Decryption keys can differentiated or even “scattered to the wind” this way too; i.e., even if they got one, they’d still need a lot more than one to mine the gold.

The point is, targeted and consistent data masking functions that you choose to apply to key (and quasi-) identifiers can nullify, or at least, retard, the fire damage from a data breach. Take a look at the tools in the IRI Data Protector Suite that are designed to mitigate data breaches, comply with data privacy laws, and serve up test data. Then, tell us about your use case, and we’ll help you prototype a solution to protect the consumer, patient, student, or secret data that you keep.