Cisco's Michael Sanchez published a great piece called "5 Steps for avoiding data breaches".
We tweeted, plussed, and re-posted this elsewhere, and at the encouragement of SURBL's Jeff Chan, here's a blog post about this practical advice. (Do read the article in its entirety.)
Step 1: Document where your data is stored and how it is accessed.
Step 2: Identify the level of protection your data needs.
Step 3: Secure your company’s data.
Step 4: Create a disaster recovery plan.
Step 5: Know what to do if you experience a data breach.
Since we are talking about data breaches, it should be noted that Canada is now considering a bill, C-12, 'An Act to amend the Personal Information Protection and Electronic Documents Act', that provides for mandatory notification of breaches.
C-12 is the re-tabling of bill C-29, a bill that died on the order table last year. It is a companion to C-28, Canada's Anti-spam Law. It also has provisions to allow Canadian law enforcement to share data and evidence with agencies outside of Canada, and even among themselves, something that is currently illegal under PIPEDA.
CAUCE supported C-29, and of course supports the passage of C-12. Given the Conservative majority, it is expected that C-12 will pass this legislative session.