Summary
The Payment Card Industry Data Security Standard (PCI DSS) and US state and federal laws encourage and require businesses to encrypt consumers' computerized personal information and payment data. Most state data breach notice laws do not require businesses to notify their customers when customers' digital personal information has been stolen or lost if the information was encrypted.
A motivating factor that prompted many companies to implement data-at-rest encryption was the large amount of negative media attention garnered by stories of lost or stolen data. The type of asset compromised most frequently is online data. An alternative method of analyzing these results is to examine the number of records of sensitive data compromised for each asset. This view leads to the same conclusion. This fact may be surprising to some, given the frequent public reports of massive amounts of data at risk from lost or stolen laptops, back-up tapes, and other media.
Postponing some IT security projects could lead to risky business behaviors. Dealing with a breach is more expensive than preventing one. Regulations are requiring tighter security for more of your business information, and organizations must learn how to protect their business information. PCI and PII (Personally Identifiable Information) data can be secured in the most cost-effective manner by following the guidance in this article. The case study in this article is about an Enterprise Data Security project that addresses key areas of focus for file and database security encompassing all major platforms.