This week in GRC we examine data-centric security, new consumer protection laws in Massachusetts and Pension Risk Behavior Index.

Data-Centric Security

InformationWeek Analytics Data-Centric Security Survey showed that more organizations are using a data-centric model than was expected with only 10% being dismissive of the entire approach.

While some companies have set out to focus on data -- 42% of respondents have either already deployed or plan to within the year -- participants suggested that it’s been greatly influenced by the growing popularity of data loss protection (DLP) technology.

Protecting Consumers’ Personal Information

This week, new regulations to protect personal information collected from consumers will take effect in Massachusetts. Companies throughout the U.S. have been working overtime to prepare. The new rules will help to protect the loss or theft of confidential information about consumers, such as Social Security and credit card numbers.

Although the rule applies to Massachusetts specifically, any institution that holds personal data about residents of Massachusetts must create a written policy for protecting the data, and must train employees to follow the rules, as well as encrypt any personal information when it is transmitted over the Internet or a wireless data network.

Not only because it’s the law, but because of the fines associated with it, organizations are scrambling to comply with the new regulations, or risk US$ 5,000 for each violation.

Pension Risk Behavior Index

The 2nd Annual MetLife U.S. Pension Risk Behavior Index, a survey of 166 corporate plan sponsors, found that executives overseeing corporate plans are no longer largely concentrating on assets. Instead, early retirement risk, mortality risk and longevity risk were ranked as priorities. The findings also indicated that traditional methods of mitigating risk may no longer be as effective pension for plan risk management as they once have been.

In 2008, the survey characterized it as the last of the “total rate of return” years, but 2009 could be known as the “year of awareness.”

Which just begs the question: What will 2010 be? So far, there’s reason to believe that we will see a new era of informed risk assessment and management.