Does your organization have a policy regarding the storage of customer or other sensitive business information on USB flash drives?  A recent report from the E.U. Agency for European Network and Information Security (ENISA) details the risks associated with the loss of flash drives containing unencrypted information.  Eighty-five million USB flash drives were sold in 2007, however the report finds that 80-90 percent of those used by businesses were not encrypted.

The ENISA report estimates the potential loss associated with a loss of sensitive information on an unencrypted flash drive is between $108,000 and $2.48 million per incident.  For organizations doing business in the U.S., these losses could be higher -- many states, including Michigan, have recently passed data breach notification laws, that require individual notification to those consumers whose information was potentially compromised by a security breach.

ENISA also recommends steps for businesses to take when using USB flash drives, including setting clear security policies and employing authentication and encryption methods to prevent unauthorized disclosure of information contained on USB flash drives.  Organizations looking to avoid such risks should carefully consider these recommendations.  Access the full ENISA report here. 

For more information about legislation or litigation involving technology, intellectual property protection of information technology assets or any other Information Technology law issue, contact your Miller Canfield attorney or Kathy Ossian, Leader of our Information Technology Team, or call her direct at 313.496.7644.