Pioneers in secure data storage devices

Users have become more accustomed to using multiple devices, are increasingly mobile, and are now used to storing ever-increasing amounts of data on multiple endpoints. – Unfortunately, people are also careless and are susceptible to losing endpoints. Regulatory Compliance: New and enhanced legislation in many regions of the globe demand strong protection of specific data categories and may have a high impact if the data is lost or exposed. Business Risk: The costs associated with compromised information can be high. – A breach of law or regulation can lead to substantial fines. – Failure to comply to industry requirements may have financial or operational consequences. – Notification of breaches can lead to severe reputational damages. – Financial loss associated with sensitive business plans or intellectual property may be high. Confidential2 Industry Landscape: Industry Landscape: Relevant Market Dynamics; The Importance of Secure Data

New legislation introduced on 6 th April 2010 gives the Information Commissioner’s Office the power to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Most data protection acts, notably those in Europe and Japan, demand adequate protection of personally identifiable information (PII). In the United States, some states (Massachusetts and Nevada) have recently added data-protection laws that specifically call for the use of encryption. Data breach notification laws are related to data privacy acts. After 2003, when the California Security Breach Notification Act (SB 1386) became effective, other state laws have spurred the adoption of encryption across many industries. At the moment, most U.S. states have breach notification laws that have a safe harbor for the use of encryption. European Union (EU) law for data breach notification has been limited, but changes are under way. For the telecom sector, the EU telecommunications regulation reform package that was passed in November 2009 requires EU member states to introduce mandatory data breach notifications into local legislation. Transposition of the telecom reform package into national legislation in the 27 EU member states was to take place by May Nonetheless, it is important to note that some countries (e.g., Germany, Spain, UK, and Ireland) had introduced data breach notification requirements into local legislation or regulatory codes of practice before In Canada, data breach notification has been instituted as a voluntary guideline but is currently being proposed as law in the form of an amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA). Japan has had breach notification regulations for several years. Confidential3 Source: Gartner, Comparing Endpoint Encryption Technologies. Published 8 September 2011 Industry Landscape: Industry Landscape: Regulatory

Protected health information (PHI): In the United States, Health Information Technology for Economic and Clinical Health (HITECH; 2009) expands Health Insurance Portability and Accountability Act (HIPAA) to business associates and includes breach notification requirements for unsecured health records. It offers breach notification safe harbor if acquired data was encrypted. Payment card data: Payment Card Industry Data Security Standard (PCI DSS) by the PCI Security Standards Council contains requirements on the storage of cardholder data and the management of key material. Finance data: In some countries, financial regulatory bodies such as central banks have strict requirements, which may include breach notification, on the protection of customer information. An example is the Gramm-Leach-Bliley Act in the United States. Confidential4 Source: Gartner, Comparing Endpoint Encryption Technologies. Published 8 September 2011 Industry Landscape: Industry Landscape: Regulatory (Cont.)

Nuclear plant data lost by health and safety watchdog employee – Scottish charity reports data loss due to unencrypted USB sticks – Companies Lose $2.5 Million from Missing Memory Sticks, Study Says – University of Miami patient data stolen – Lost USB stick earns Rochdale Council ICO rebuke – Boy Finds USB Stick With Private Medical Records – Confidential5 Market Opportunity: Market Opportunity: Breaches Happen… In the News

The Problem: Organisations are subjected to significant exposure as a result of increasingly stringent laws, regulations, industry standards, insurance requirements and consumer expectations related to data security and loss. Increasing emphasis on employee mobility and other drivers requires the use of convenient devices that provide a secure computing environment. Unfortunately, employees lose portable storage devices and often do not report the loss to their management… The Opportunity: As a result, organisations are beginning to turn to encrypted portable storage devices as the solution. High quality, easy to use and reasonably priced products, such as iStorage’s products, will have an advantage over inferior products. Focus on the niche of encrypted/secure storage devices provides a competitive advantage over competitors. Confidential6 Market Opportunity: Market Opportunity: Problem and Opportunity

®

®

®

Confidential11 Company Overview: Company Overview: Press, Reviews and Accolades Link to read reviews

Confidential12 Company Overview: Company Overview: Press, Reviews and Accolades (Cont.) Link to read reviews

Distributors in over 25 countries and expanding