David Gibson, director of strategy at Varonis (www.varonis.com) says:

As one of the world’s top data governance solution providers, we are paying close attention to sweeping new data protection legislation that will soon be announced by the European Commission and we are advising U.S.-based companies to take a closer look at putting reliable, robust systems in place for protecting data and commit resources to protecting data in anticipation of these new laws, even if you’re not doing business abroad.

We’re already seeing the UK regulator, the ICO, imposing its first major fines on public sector bodies, so it’s clear that regulators are recognizing the increasing value of digital assets, and the need to protect them. With penalties of five percent of global turnover, you just have to shape up, or face the consequences, as it’s likely we’ll see the U.S. following suit in the near future.

With over 23 million records containing personally identifiable information (PII) (source: privacyrights.org) leaked in 2011 alone, it is more important than ever for organizations to have proactive and repeatable processes in place for identifying and protecting critical data. There are already PII laws in the U.S. including California, Nevada and Massachusetts.

Data center security professionals may be surprised to learn that the U.S. Sarbanes-Oxley Act draws closely on the original 1985 UK Companies Act. European laws are traditionally broader and deeper, and will influence U.S. legislation. In this way even U.S. companies not doing business abroad are affected by international laws so it’s imperative that we pay attention now.

The biggest risk surrounding data does not come from hackers directly compromising customer and employee files, but from overly permissive access, lack of access auditing, lack of context, and lack of automation for the volumes of unstructured data that slosh around company archives.

Research from Forrester and other analyst firms show that more than three quarters of data in large enterprises is unstructured, is overly accessible, lacks access auditing, and lacks automated analysis of authorizations and use.

Auditing this data can be difficult for data center managers but that doesn’t mean it is impossible. It just means that an organization has to invest in the necessary data protection and analytical technologies capable of auditing – down to the last file – who does what, when and where with the data.

With more than 4,500 installations worldwide, Varonis’ patented technology and highly accurate analytics engine provide organizations with total visibility and control over their data, ensuring that only the right users have access to the right data at all times.