Cyber Security Industry Alliance Newsletter • Volume 2, Number 1 • September 2005

CSIA Member Spotlight

About PGP Corporation

Name: PGP Corporation

Chairman and CEO: Phil Dunkelberger

Founded: 2002

Headquarters: Palo Alto, CA

Worldwide Offices: USA, UK, Germany, Japan

Number of Employees: 188

About PGP Corporation: The global customer standard for encryption and digital signature solutions, PGP Corporation develops, markets, and supports an integrated data security suite used by more than 30,000 enterprises, businesses, and governments worldwide, including 84% of the Fortune 100, 66% of the Fortune Global 100, and thousands of individuals and cryptography experts. Customers depend on PGP solutions for regulatory and audit compliance, to protect confidential company information, to secure customer data, and to keep identity information private.

Areas of Specialization: The PGP encryption security suite - trusted by business, government, individual users, and cryptography experts - protects critical information worldwide. Companies and individuals mix and match PGP solutions to achieve regulatory risk remediation and privacy protection using a single, centralized, automatic key-management and recovery infrastructure. PGP products provide laptop protection, gateway email security, end-to-end email privacy, removable media security, instant messaging encryption, FTP/batch transfer protection, and digital signatures. PGP Corporation is the only commercial security vendor to publish source code for peer review.


Securing the Flat World

When you phone your airline to make a flight reservation, you may be talking to Betty who is sitting in her bedroom in Utah, wearing her slippers and enjoying the view. When Betty takes down your credit card number, the information is sent to an outsourced data center in Colorado, Shanghai or Bangalore.

We are not talking about science fiction here. This is a real-life example. Thomas L. Friedman, foreign correspondent for the New York Times, uses this case to illustrate how the world has not only become a global village, but has actually flattened since the turn of the millennium. If you have not already read his best-selling book The World Is Flat, get a copy today.

You probably have no idea where your bank, medical center and tax consultants store their data. Which laws actually protect your credit card information in the data center in Bangalore? Or your medical files in Bulgaria? What about your tax information in Shanghai?

Both Europe and the United States have taken steps to secure data and ensure privacy, through legislation, investigative hearings, or other initiatives promoting awareness of privacy protection and data security. Europe and the United States have used different approaches, each with strengths and weaknesses. With open dialogue between the EU and the US, we can close the gap between these approaches and come to common solutions that capitalize on the strengths of each.

Europe has a strong reputation for privacy and protection of personal data, including data that flows across national boundaries; the EU passed its first data protection directive ten years ago. And in the US, we can look to California Senate Bill 1386, which does not prescribe to organizations how to secure the data, but simply enforces the provision that when a company loses personal information, it must inform every consumer who is affected. The company can then be sued by a consumer or by California’s Attorney General, as long as the affected consumer is a resident of California.

This legislation has proven to be enormously effective in raising awareness within companies, especially since newspapers report almost daily on security breaches involving social security numbers, credit card data, medical files, and financial statements. Imagine if your car rental company writes you a letter telling you that your credit card number has fallen into the wrong hands. Would you rent a car from them ever again? Corporations simply cannot afford such bad publicity – they have to act.

Measures such as CA1386 and EU Data Protection Directive 95/46/EC serve to protect personal information. Technologies such as data encryption further enhance this protection. For example, if someone steals a salesperson's laptop in an airport and it contains customer information, Bill 1386 states that you must report the security breach to all affected customers. However, if the laptop is encrypted, the thief cannot read the data and no report has to be made.

Technological solutions are available and ready for the new millennium. We now have to make certain, through cooperation and collaboration with our European counterparts, that the laws are ready as well.