The Pressure to Find Your Sensitive Data
By: Elizabeth Mckinnon
Your organization has a massive sensitive data footprint—and you've been given the monumental task of trying to reduce it. Except your organization's data could be anywhere, proliferating at an unprecedented rate as each day goes by. While much of the data you collect may be harmless, the critical and sensitive information lives among it, often hidden in plain sight.
To put it simply, anywhere you have data you might have sensitive data. In order to reduce your sensitive data, you have to find it, classify it and remediate it. A tool like Spirion's Data Privacy Manager enables you to take the first step in controlling the sprawl of your sensitive data. Here we will discuss why sensitive data protection is increasingly important and some of the many places your sensitive data might lurk.
The Pressure to Find Your Sensitive Data
Sensitive data is information that must be protected against unauthorized access. With heightened focus on regulations and the potential massive damage to your organization's reputation, intellectual property, efficiency and bottom line, if you're not locating and classifying your data, you're putting your organization at risk.
Increasing Privacy Regulations
There is increasing public attention to privacy and data rights, from the public as well as legislators. The implementation of Europe's General Data Protection Regulation (GDPR) in 2018 and California Consumer Privacy Act (CCPA) in January 2020 forced many companies—indeed, anyone with a website—to take notice of privacy concerns. These two pieces of legislation are only the beginning. More than 100 countries have their own data privacy laws. Numerous other U.S. states seek to follow California with their own privacy regulations. A noteworthy example is the New York Shield Act, which took effect March 21, 2020.
Fines for violating the CCPA can reach $7,500 each. GDPR fines are even steeper. The less severe violations can incur fines of two percent of a firm's annual revenue or €10 million (about $11 million). With the evolution and addition of new privacy laws and regulations, remaining compliant can be a challenge. Sensitive data protection allows you to sort out the confusion behind data privacy regulations and effectively deploy your limited resources so you can focus on other critical business needs.
Protection for Your Brand Reputation and Equity
Your systems hold extensive data about your employees, customers and others with whom you do business. Eighty percent of respondents to a 2019 Pew Research Center survey said they are "somewhat" or "very" concerned about how companies use their personal digital data. When you collect names, home addresses, payment card information, social security numbers, email addresses, and other personal information, you accept the responsibility for protecting the most invaluable assets of your colleagues, customers and community. Failing to do so can result in severe reputation damage and loss of business, turnover, damaged trust and lawsuits. The blow to consumer confidence can affect stock prices for months or years.
Finding this sensitive data can keep you in control and safeguard your most valuable information.
Time and Cost to Recover from a Data Breach
Data and privacy breaches continue to grow with more than 33 billion records projected to be stolen in 2023—a 175% increase over 2018.The global average cost of a cybersecurity breach is $3.92 million and rising, according to the Ponemon Institute. In the U.S., the average is much higher, $8.19 million. The same report states that the average time a company takes to recover from a breach is 279 days (more than nine months), also increasing year-over-year. Implementing a data protection plan before a data incident (or breach) takes place is vital to business' ability to survive and thrive.
Overcoming the Challenges of Locating Sensitive Data
While every organization understands the need to control, manage, and reduce their sensitive data footprints, some struggle to keep up. The sheer amount of data, along with its huge ranges of locations — some you may not even know about — can seem insurmountable.
Sensitive data can be spread across structured, unstructured, and cloud locations. Many companies direct resources only at protecting the cloud, while giving less attention to end points. In fact, employee laptops or PCs, servers, and even printers could harbor sensitive information. The risks increase as employees work from home or remotely.
Some data privacy management software is designed to find, classify and protect sensitive information only in certain kinds of locations. However, your security is only as strong as its weakest link. It's important to use a tool that can find sensitive data everywhere it exists.