MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute

RIM Council FAQs

What does RIM stand for?

RIM is an abbreviation for Responsible Information Management, a process for engendering trust and confidence in how an organization’s leaders, employees and agents handle, manage, retain and secure sensitive, private or confidential information.

RIM is the alignment of key stakeholders’ privacy and data protection preferences with business, data and technology practices within the organization. Key RIM components include: privacy, data security, information (or data) security, confidentiality, information accuracy (or quality) and data processing efficiency.


Why is RIM important to organizations?

All organizations face the challenge of safeguarding sensitive and confidential information about individuals and their business. RIM offers a practical and holistic approach to identifying and reducing the most critical privacy and data protection risks.

The failure to protect personally identifiable information adequately can result in a costly data breach. In our most recent Cost of a Data Breach Study (2008), the cost of a data breach rose to $202 per record from $197 per record in 2007.

In addition to the financial impact, organizations can experience a diminished reputation and a loss of consumer confidence. A Ponemon Institute study revealed that 20 percent of customers terminated a business relationship when a data privacy breach occurred, and an additional 40 percent would consider doing so.*

The frequency of data breaches in recent years and the resulting high percentage of individuals notified that their personal information was lost or stolen have increased overall concerns about privacy and identity theft. In Ponemon Institute’s 2007 Survey on Consumer Privacy, 84 percent of consumers who had been notified that their confidential data was lost or stolen expressed increased concern or anxiety due to the data loss. Further, consumers are upset not only about the loss of their personal data but also about how the data is lost. In our study, consumers indicated they would have more negative perceptions of a company that lost their information due to negligence than of one that lost their information as the result of a criminal act or theft.

* National Survey on Data Security Breach Notification, Ponemon Institute, September 2005


What is the RIM Council?

The RIM Council is made up of privacy and data protection professionals from more than 50 companies. Members meet regularly to determine how best to advance solutions to the challenges facing their organizations’ acquisition, use, storage, transfer, and disposal of sensitive personal and business information. These solutions are based on the RIM Framework of process management, education and awareness, monitoring, communications and redress & enforcement.


What are the goals of the RIM Council?

The RIM Council has a number of goals, which include the following:

  • Provide an ethics-based framework focused on problem solving within the context of long-term strategic needs for the management of all personal and sensitive business information assets. Develop tools that help translate policy into operational action that will enable an organization to align the information preferences of individuals and enterprises with business, data, and technology practices, while addressing regulatory considerations.
  • Address challenges faced by multi-national organizations in developing efficient and effective solutions that address cross-border information asset transactions.
  • Provide added value to member organizations by leveraging research and development resources and identifying, where possible, cost/benefit models.
  • Identify future challenges and opportunities to position and keep members in a proactive rather than reactive mode.

How frequently does the RIM Council meet?

RIM Council members meet frequently through conference calls and in-person meetings.


How is the RIM Council structured?

The RIM Council organization is managed by the Ponemon Institute and governed by its chairman and paid staff appointed and managed by council members and their delegates. The chairman and staff are counseled by an Advisory Board composed of an appointed group from member companies.

Member organizations may be nominated to sit on the Advisory Board. Members may have multiple individuals from their organization participate in RIM Council meetings and/or working groups.