Changing the Game: The Role of the Private and Public Sectors in Protecting Data

U.S. National Issues Dialogue


The Role of Public Sector in Protecting DataRecent events in the financial services industry remind us that it is absolutely vital to stay prepared. The question is not what to do if the next crisis occurs, but what to do when it occurs. One area that calls for greater preparation is data protection. In today’s world, data is everywhere and its value is growing. While this environment brings many benefits, it also creates a grave responsibility: to safeguard our data against an increasing multitude of skilled and resourceful thieves.

Data protection is a global issue that plagues both the private and the public sectors. It is also a daunting issue — an evolving problem with a diverse set of culprits and no clear-cut solution. Data drives our enterprises; we need to understand and mitigate the risks that cyber criminals pose to our business operations. Until we do, data thieves will continue to thrive in a disorganized, ill-equipped and often naïve world.

The Obama administration has signaled that it understands this imperative. In February 2009, President Obama appointed Melissa Hathaway, a leading expert on cybersecurity, to investigate all the ways in which the federal government manages and safeguards data. The Obama administration ordered the 60-day review to improve coordinating efforts by the government and the private sector to protect the nation’s data infrastructure.

But even while our nation launches these efforts, criminals are continuously refining their game, finding new ways to exploit our systems and steal our information. It is time to raise our game, to better prepare ourselves, and to work together to protect data from individuals waiting to exploit it.

Motivated by this common goal, we gathered executives from the private and public sectors in Washington, D.C. on October 8, 2008. They came to collaborate on raising their data protection game. Bringing together private and public organizations afforded several benefits. It enabled participants to directly examine the impact of government regulations on private industry. It also gave participants a chance to share valuable insights regarding leading industry and government practices for addressing universal challenges in data protection.

The meeting used electronic polling and real-time graphic recording to stimulate discussion and capture key insights. Among topics that participants explored were:

  • 3 rd Party Data Exchange
  • Creating a Culture for Data Protection
  • Insider Threat
  • Operational Fraud

While data protection is undeniably a complex issue, one thing is clear: We must take collective action to assert a new, formidable presence in a previously one-sided game. We are pleased to present you with the findings from this unique forum, which are available to download at the bottom of the page. We hope you find them useful in your efforts to safeguard data.


Joni Swedlund
Federal Financial Services Industry
Deloitte Consulting LLP

Rich Baich 
Security & Privacy
Deloitte & Touche LLP

Output from the Session

In addition to the full report, visual representation diagrams from each discussion topic are available to download below.

Deloitte Image   Building a Culture for Data Protection
Participants discussed how we can make data protection a part of their organizations.
Deloitte Image   Third Party Data Exchange: Protecting Data Beyond Your Walls
Participants from public and private sectors discussed how we can minimize the risk posed when data is sent and received by third parties.
Deloitte Image Insider Threat: The Threat Within Your Walls
Participants from public and private sectors discussed how to minimize the risk posed by individuals within your organization.
Deloitte Image   Operational Fraud: A New Collaborative Approach to Detecting Fraud and Minimizing the ImpactParticipants from public and private sectors discussed how we can work together across sectors to detect fraud and to minimize the impact of cybercrime.


As used in this document, ‘Deloitte’ means Deloitte LLP (and its subsidiaries). Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Last updated