Take a minute and think about how many companies and institutions you have entrusted with your personal information like a Social Security number or bank account. More than likely you've given this information to an apartment complex, school, loan company, banks and credit card companies. You'd be surprised to know that half of them aren't securing that data!
According to a survey of 500 companies, 55% aren't securing your personal data, other than credit card information as required by the recent PCI-DSS regulations, and 52% aren't proactive in managing privacy and data protection risks.
Another interesting statistic to come out of the survey is that 79% of the surveyed companies have reported a data breach, with 41% of those reporting five or more data breaches.
The really bad news, especially for those of us who love to support smaller businesses, is that organizations with fewer than 1,000 employees fared far worse in compliance and protection of data. These organizations simply cannot meet the demands, both in labor and in cost, to deal with compliance and data security.
While there's no excuse for a company not safeguarding your personal data, which they require from you to do business, the lack of PCI-DSS compliance isn't surprising. Having dealt with this in a small part, I can say that the regulations that need to be complied with and the surveys that need to be filled out are not simple to understand, especially if an organization doesn't have an individual dedicated to information security.
Given the common occurrence of data breaches, perhaps this news isn't that surprising after all. The good news, if you want to look for it, is that three-quarters of companies are working on PCI-DSS compliance to protect your credit card and other personal information. For smaller organizations, compliance and security should improve as the software and database systems they use get upgraded to support compliance and better shield your personal information.
Until security becomes a top concern for more companies, you'll need to stay vigilant and cautious about who you entrust with your personal information. The fact that the government scored a collective "C" on computer security at its last audit doesn't set too great of an example for the private sector.