Few in the retail industry are likely to forget the theft two years ago of more than 45 million credit card data numbers from the giant discount retailer, TJX Cos (parent company of Winners). Numbers like that attract the attention of the media, regulators, lawmakers and lawyers, with the result that TJX and its subsidiaries have been dealing with the monetary, legal and reputation impact ever since.

While much of the focus within the retail industry has been on protecting customer information, organizations face risks around the protection and control of all intellectual property, including sensitive corporate information. In many cases these types of losses or misuses go unreported, but have a lasting negative impact on the business.

How is data lost?
In many organizations, people don’t know where sensitive data resides, what data is considered sensitive, or to which compliance and regulatory requirements their organizations must adhere. Educating users is essential for protecting and controlling information, preventing data loss and curtailing fraud.

The good news is, technology now exists to educate users, and to protect and control information in an effective and efficient manner.

Surprisingly, most data loss — 70 to 80 percent of insider loss — results from simple human error: lost laptops and USB keys and misdirected emails. That’s because most lost data is “spilled” out of controlled applications like payment, ERP (Enterprise Resource Planning), HR (Human Resources) and CRM (Customer Relationship Management) systems onto unstructured and uncontrolled systems like laptops, removable media, and email. Unfortunately, the collaboration and productivity technologies upon which organizations increasingly rely — such as email and USB keys — are also enablers of data loss.

How can we prevent data loss?
Most organizations don't know what data they have. They need a better way of finding sensitive data in their organization. Discovery and understanding of what critical data is being retained in a retail organization is the first step to data loss prevention (DLP). Some Enterprise DLP solutions provide this functionality today but many vary in ability to scale and accuracy. Identity-driven DLP tools can help find and manage sensitive information throughout the organization.