Text 4

阅读4

It never rains but it pours.

不鸣则易，一鸣惊人

Just as bosses and boards have finally sorted out their worst accounting and compliance troubles, and improved their feeble corporation governance, a new problem threatens to earn them - especially in America - the sort of nasty headlines that inevitably lead to heads rolling in the executive suite: data insecurity.

正当老板和董事长终于解决了最糟糕的财务和规章问题并加强其公司的薄弱管理之后，数据安全这个新问题又威胁到他们。该问题以让人厌恶的方式出现在头版头条新闻中（尤其在美国)，进而不可避免地导致管理层的走马换任。

Left, until now, to odd, low-level IT staff to put right, and seen as a concern only of data-rich industries such as banking, telecoms and air travel, information protection is now high on the boss's agenda in businesses of every variety.

在这之前，信息保护通常还只是临时的、低层次的值息技术员的工作，并且只被诸如银行、电信、航空公司等数据量大的行业重视，可现在这个问题被放在了各行各业老板的议亊日程的重要位置。

Several massive leakages of customer and employee data this year - from organizations as diverse as Time Warner, the American defense contractor Science Applications International Corp and even the University of California, Berkeley - have left managers hurriedly peering into their intricate IT systems and business processes in search of potential vulnerabilities.

今年发生了多起消费者和员工信息的重大泄密事件。这些泄密事件发生在时代华纳、美国国防部承包的科学应用国际公司以及加州大学伯克利分校这样的不同机构。这使得管理人员匆忙检查那些复杂的信息系统和商业程序，以便寻找潜在隐患。

“Data is becoming an asset which needs to be guarded as much as any other asset, ” says Haim Mendelson of Stanford University's business school.

斯坦福大学商学院的海姆·门德尔森认为“信息正在成为一种需要像保护其他财产一样而保护的财产”。

“The ability to guard customer data is the key to market value, which the board is responsible for on behalf of shareholders. ”

“保护消费者信息的能力是市场价值的关键因素，这是董事会应该为了股东的利益而承担的责任”。

Indeed, just as there is the concept of Generally Accepted Accounting Principles (GAAP), perhaps it is time for GASP, Generally Accepted Security Practices, suggested Eli Noam of New York's Columbia Business School.

纽约哥伦比亚商学院的埃尼·诺姆暗示，事实上正如存在公认会计原则的观念一样，或许可能应该是采取公认安全措施的时候了。

“Setting the proper investment level for security, redundancy, and recovery is a management issue, not a technical one, ” he says.

他表示“为安全、备份以及恢复确定适当的投资标准是一个管理问题，不是技术问题。”。

The mystery is that this should come as a surprise to any boss.

其神秘在于，对任何老板来说，这可能是一个意外。

Surely it should be obvious to the dimmest executive that trust, that most valuable of economic assets, is easily destroyed and hugely expensive to restore - and that few things are more likely to destroy trust than a company letting sensitive personal data get into the wrong hands.

然而显而易见的是：对于最迟钝的管理人员来说，诚信是最珍贵经济财产，却被轻易地破坏，而恢复诚信的代价高昂。而且，一个公司让敏感的个人信息落入不法分子之手。这是最可能破坏诚信的了。

The current state of affairs may have been encouraged - though not justified - by the lack of legal penalty (in America, but not Europe) for data leakage.

这类事情的现状可能受到缺乏有关信息泄露的法律处罚（在美国，不是在欧洲）的激励，尽管还没有的到证实。

Until California recently passed a law, American firms did not have to tell anyone, even the victim, when data went astray.

直到加利福尼亚最近通过了一项法律，美国的公司不必告知任何人信息何时泄露，甚至包括受害人。

That may change fast: lots of proposed data-security legislation is now doing the rounds in Washington, D. C.

这种情况可能迅速改变：如今，许多被提议的信息保护立法正在华盛顿特区讨论。

Meanwhile, the theft of information about some 40 million credit-card accounts in America, disclosed on June 17th, overshadowed a hugely important decision a day earlier by America's Federal Trade Commission (FTC) that puts corporate America on notice that regulators will act if firms fail to provide adequate data security.

同时，6 月 17 日有关偷窃约 4000 万信用卡账户信息事件的披露给此前一天美国商务委员会的一个重要决定蒙上阴影，该决定的内容是：如果公司没有提供适当的信息安全保护措施，那么监管人员就会采取行动。