Kroll names top 10 data security issues for 2011

By Molly Merrill
02:46 PM
  1. Organizations will increase implementation of social networking policies. For many consumers, social applications have come to define their lifestyles, and they are increasingly bringing their private lives into the workplace. In fact, mobile devices have created a world of "24/7" employees, erasing the already fine line between work and home. Employers will need to focus on developing an organization-wide strategy for social networking policies as they relate to data security to ensure that employees do not open the company up to undue risks.
  2. Data encryption will be seen as a "golden ticket" to compliance. Encryption is often incorrectly positioned as a complete solution to data security. It is one of the best defenses against malicious attempts to hack electronic data, and given the new data protection laws in Massachusetts and Nevada, encryption is fast becoming an essential part of organizations' compliance checklists. But to truly ensure that all bases are covered, companies will have to remember two caveats: first, compliance doesn't equal data security; second, encryption doesn't equal a total solution – it's only one tool in the data security arsenal.
  3. Third parties will face more stringent breach notification requirements. HITECH is placing business associates under increasing scrutiny, as businesses rely more and more on third-party data collection. Expect to see more organizations placing stringent contractual obligations on their third parties to protect company data.
  4. Privacy awareness training will gain prominence as an essential component of breach preparedness. Technology fixes like encryption are effective but expensive, and electronic monitoring alone won't catch all instances of PII misuse. With comprehensive privacy awareness training, employees can act as privacy advocates who know how to recognize security hotspots, understand their legal obligations and exercise vigilance whenever they deal with PII. This is the kind of security equity that no technology can buy.
  5. The possibility of a federal breach notification law is high for 2011. While it's difficult to predict with certainty, there are some compelling reasons why an overarching federal law is on the horizon:
     • States are moving forward, creating a confusing tapestry of conflicting laws. A federal law would cut through the noise.
     • Congress has enacted considerable legislation recently – namely HITECH – that opens the door to further legislation.
     • Through grants and other funding sources, the federal government is continuing on an aggressive path to encourage the growth of technological initiatives (such as the ONC Beacon grants). These new initiatives require new ways of thinking about data security and privacy.

Kroll is a risk consulting company with headquarters in New York.
