Behind the Data: Why different industries are all concerned about data privacy
Ian Lopez, From Legaltech News
A survey of nearly 600 professionals across industries uncovered attitudes toward protecting sensitive data.
The digital world can be a dangerous place for businesses, and concerns are elevated for those overseeing sensitive data.
In effort to uncover attitudes and priorities for modern data risk management, Guidance Software conducted a “2016 Data Risk and Privacy Survey.” Responses were collected from over 580 professionals in risk management, legal, regulatory compliance, security, and IT working in government, technology, manufacturing, healthcare, education, and financial services.
Nearly half (46 percent) of respondents placed the protection of “sensitive data and privacy” as one of the top three concerns for their respective companies, with respondents in government (19 percent), IT (15 percent) financial services (11 percent) and healthcare (10 percent) accounting for the top five industries listing data protection as a top-of-the-list priority. Thirty-eight percent of organizations listed data protection as a ‘medium priority’ while only 7 percent listed it as ‘low.’
“When we surveyed and 46 percent say that [protecting sensitive data] is a top three initiative in their organization, it’s a priority,” Guidance Software product marketing manager Charles Choe, who came up with the idea for the survey and was instrumental in its assembly, told Legaltech News. “Very large enterprises, organizations that have hundreds of thousands of nodes, they tell us that it’s a priority.”
The majority of respondents (37 percent) listed ‘regulatory and policy compliance’ as a key driver for their organization to invest in a data management solution. This, Choe noted, is perhaps due to “a lot of data privacy regulations” occurring across the Transatlantic, “especially in the EU with the General Data Privacy Regulation (GDPR).” For “a lot of organizations that are international or multinational in scope,” the GDPR has had “a significant impact” on how companies handle data as they avoid violating laws.
“When it comes to products and services through the internet, just globally there’s a lot of e-commerce and a lot of traffic that’s happening, and you can’t help but be exposed to in some degree customers in the EU,” he said. Additionally, customers “have a higher level of expectation and are getting more involved in how organizations are treating customers’ data.”
“With the level of increasing expectation, evolving data privacy overseas as well as the multinational proponents of organizations, I think all those combine to say, ‘Hey we really need to think about this data privacy from a regulatory perspective and make sure we’re in compliance, because the cost of compliance is less than the cost of noncompliance. And I think people are trying to get their ducks in a row now,” he added.
Customer expectations appear to have had a significant influence on companies’ approach to data, as 44 percent of respondents listed ‘customer data’ as the ‘sensitive data’ that they were ‘most concerned about protecting’. The second on this list was financial records, which came in at a little over 10 percent, followed by trade secrets (9.7 percent).
When it comes to compromising customer records, “the cost is high, from a reputational perspective, and that can bleed into a financial impact as well,” Choe explained.
As to why concern over customer data is so prominent, he said, “I think the penalties of noncompliance, with the increasing protection for customers is one reason. Number two is customer expectation, and all of that packaged together by corporate responsibility and just making sure you’re not on the front page of the news. Because once the customer’s confidence is lost, I think that leads to loss of or even elimination of your business.”
The survey also looked into what locations of data residence companies felt the most concerned about protecting. For most respondents (30 percent), servers were of the utmost concern, followed closely by endpoints – i.e., user desktops and laptops – at 25 percent. Choe said that he found this somewhat surprising, as many solutions “don’t really focus on the endpoints and focus more on file shares or servers. But the fact that 55 percent send end points and servers gave us a really good indicator that they’re really interested in protecting sensitive information at those entry and exit points.”
Interestingly, there was less interest expressed in protecting file sharing (10 percent), which he thought would be seen more toward the top of the list, as through it, many people still have access to sensitive data. Other locations for concern include email (10 percent), content management systems (5 percent), and the cloud (12 percent).
However, in Choe’s view, the focuses of concern “will evolve because technology evolves.”
“A lot of organizations are using the cloud. Not only for repositories of data, but their entire infrastructure, their networking and everything, is moving to the cloud. Because of that, I think we’re going to see a lot more vulnerabilities in the cloud,” Choe added.
For more on this story go to: http://www.legaltechnews.com/id=1202758748730/Behind-the-Data-Why-Different-Industries-are-All-Concerned-About-Data-Privacy#ixzz4AFaxaZsP