Information and customers are the two greatest business assets. Few executives would disagree with this statement. So, what does it mean for your business when your two greatest assets - data and relationships - are simultaneously jeopardized? This is exactly what happens when customer data falls into the wrong hands.

The genuine desire to protect the privacy and security of customers' personal data certainly isn't new. Businesses everywhere continue to implement new procedures and technology to protect their assets. Yet fraud is on the rise and consumer confidence on the decline. Companies have been publicly humiliated, slapped with audits, and threatened with prosecution, but sensitive personal data continues to be compromised.*

Is this really surprising? The information landscape has changed so drastically in such a short amount of time that it's difficult to keep up. In reality, we've gone from the Rolodex to the Smartphone, from Ledger Pads to PDAs, from Typewriters to 64-Bit Processors, from While-You-Were-Out-Memos to E-mailable Voice Mails - all in under two decades. We made a major leap from a fairly disconnected world to a wirelessly-connected one. In our 21st Century society, we have access to billions upon billions of pieces of information. And the amount of information around us grows with every new gadget we use, every new web page we can access, and every hard drive that's capable of storing more and more data.

I like new gadgets just as much as the next guy, and I don't remember what life was like before Google, but juggling the information around me can be a real challenge, let alone managing it effectively. Like all Americans, I'm inundated with information every day. And I do everything in my power to limit the amount of information that clutters my life. Recording my favorite TV shows with my DISH DVR enables me to watch them later, commercial-free. Caller ID screens my phone calls for me, junk mail meets the shredder before it ever sees the light of day, spam filters remove an ever-increasing amount of useless e-mail from my inbox, etc. Despite my efforts to limit data overload, however, I still suffer from too much unwanted noise in my life.

While most of us don't want to be bothered with the unsolicited noise, we do want access to every possible piece of information - information that, over the years, we've grown used to having, maybe even to the point of feeling entitled to it. It is exactly this colossal amount of noise and its 'round-the-clock availability that has opened up doors to data insecurity. There's so much information out there just begging to be accessed. Most of us are harmless researchers and casual onlookers. There are, of course, the hackers, those who are up to the challenge, either for thrill or for gain, of accessing what the rest of us know is inaccessible (or should be). And thank goodness for the whistleblowers, like Nick Staff, who inadvertently came across a Social Security number-revealing PDF and brought the Justice Department's mistake to light.

Simply combine the ease-of-access and the sheer volume of information with the high levels of scattered, poorly managed data in today's businesses, and we've practically laid out the Welcome mat for hackers everywhere. If you've followed this topic in the media recently, you may be asking yourself how your business can protect its assets when some of America's largest companies - and even the U.S. government - have suffered significant data exposure.

In the month of December alone … Social Security numbers and other personal data of an unknown number of people could be seen on the Department of Justice's web site … Social Security and credit card numbers and other personal data of 206,000 Marriott employees and customers went missing … a computer with personal data, including Social Security numbers, on 70,000 current and former Ford employees was stolen … a tape containing data on about two million ABN AMRO customers was lost as it was being transported, although the tape was later found … and at least 600 Sam's Club customers had credit card data stolen.*

If companies with the resources, the manpower and the funding to prevent data exposure are vulnerable, what hope is there for the rest of us? Let's start with the following checklist.*

• Set a Data-Protection Policy. Too many companies still don't have one.
• Inventory Data. What do you have? What's most at risk?
• Use Encryption. It protects data that might fall into the wrong hands.
• Avoid "Bagel Defense." A hard exterior isn't enough if your network interior is soft.
• Think Outside the Box. Policies should extend to laptops and cell phones.

Now let's look at it from a document and content management perspective. According to Forrester Research, the typical enterprise has at least three content repositories, and 40 percent have six or more. Let's face it, disparate data - in content repositories, on microfilm, in file cabinets, on desks, in mobile devices, everywhere - is difficult to manage, and because it's difficult to manage, it screams vulnerability. Likewise, laborious manual processes open doors to lost documents, unnecessary touch points and lack of accountability.

Merging your documents and content into a single database and image repository will make your data easier to manage. User-level authorization and document-level security can aid in maintaining the privacy and security of sensitive information. Add automated workflow into the mix and you've further decreased your vulnerability. Business process management applications can automate the flow of documents and data from desk to desk and between different offices - in a much more secure manner than documents that are routed manually. A good workflow application can also log all steps, decisions, actions and touch points for auditing purposes.

One could argue that data security is ultimately rooted in understanding your data, quantifying it, managing it and knowing where it is at all times. How can you possibly protect something you don't understand, can't quantify, and have difficulty managing and tracking? Document and content management and workflow technologies can take you at least that far. Uniting, understanding and properly managing your data, with concrete policies and permissions in place, is essential to helping the folks in IT lock it up tight and throw away the key.

Would a thorough data inventory and information management system have prevented the Justice Department's accidental posting of personal data to its web site? Probably not, accidents happen … unless it was done by an employee who shouldn't have had access to the documents. Document-level security could've prevented it, too. Would someone at Justice have realized the blunder sooner, perhaps before Staff did? Maybe, if they really had a good grasp on all their data, especially the high-risk stuff. Would the department have taken him seriously and acted accordingly when Staff informed them of the problem on November 12th (rather than ignoring it for more than a month)? With good tracking tools and the ability to verify his claim quickly, there's no reason they shouldn't have.

The threat of data being compromised isn't going away. It's a problem that tests big businesses and can destroy small businesses. Unfortunately, perhaps the best the business world can do at this point is to try to slow it down. The annual tune of $48 billion in business' identity theft damages (the Federal Trade Commission's conservative estimate) and the threat of public humiliation, audits, prosecution and really unhappy customers, certainly warrants doing all you can to protect and secure your data. Identifying and remedying weaknesses in policies, applications and scattered data - and knowing your data and its risks better than any hacker ever could - is a logical place to start protecting your two greatest assets.

[*Checklist and Noted Excerpts Borrowed from InformationWeek, "Sad State of Data Security," January 2, 2006]