Protecting regulated mobile data a gray area for practitioners


A recent survey of IT professionals revealed that 40 percent can't determine whether they're compliant with laws protecting data stored on mobile devices.

According to a report released Tuesday, named “The Risk of Regulated Data on Mobile Devices,” only 12 percent of practitioners said their organizations were in “substantial” compliance with laws that protect regulated mobile data, while 17 percent said they weren't in compliance with applicable laws and regulations at all.

Conducted by the Ponemon Institute, the report surveyed 798 IT and IT security practitioners at U.S. organizations who are familiar with their company's efforts to comply with privacy and data protection requirements and regulations. The study was sponsored by WatchDox, a Palo Alto, Calif.-based firm that offers document tracking and compliance solutions.

Larry Ponemon, chairman and founder of the Ponemon Institute, told on Monday that the responses reflected that security staff needs more help defining what they should do to strengthen their entity's level of compliance – rather than a set of rules that explain how they could break the law or be fined.

“A lot of the regulations are not necessarily prescriptive,” Ponemon said. “Unless you tell [security practitioners] exactly what they are supposed to do, breaking it into little components, you find that the organizations cover compliance very broadly.”

While a fair percentage of respondents, 40 percent, said the industry-driven Payment Card Industry Data Security Standard (PCI DSS) offered specific requirements for protecting regulated data on mobile devices, respondents weren't satisfied with the prescriptive nature of some federal regulations.

Eight percent of respondents felt Sarbanes–Oxley, a U.S. law setting standards for public company boards, management and accounting firms, laid out necessary guidance. Seven percent said the same of the Fair Credit Reporting Act, which regulates the sharing and collection of consumer credit report information.

And two percent of those surveyed believed that the U.S. Securities and Exchange Commission, the federal body that regulates the country's stock exchanges and investment practices, specified how their organization should go about protecting regulated mobile data.
