Data Breaches: The impact and how to prevent them

Fines associated with privacy violations and misusing private data are increasing, and more regulations are coming. In January of 2019, Google was fined €50,000,000 for lack of transparency and consent in processing personal data for advertising purposes. In July, Facebook was hit with a $5 billion fine after violating a pledge not to misuse consumer data. Other well-known brands that paid recent penalties include British Airways, Equifax, Marriott International, Uber, Yahoo and State Farm.

And this is just the beginning. More substantial GDPR fines are on the way, as are new regulations.

Comparing evolving data protection regulations

California’s CCPA begins in January 2020, and several other countries and U.S. states are developing their own data protection regulations. This resource lets you compare evolving data protection laws around the world, while this one from CIO Dive focuses on the U.S.

Data breaches at the heart of the problem

Despite all this awareness, data breaches are still all too common. The recent Capital One breach is one of the largest ever. Now managed services providers (MSPs) have become a favorite target, exposing their clients to an increasing threat.

Meanwhile, the cost and complexity of dealing with breaches also continue to go up, with the global average cost of a data breach rising to $3.92 million. Delta’s lawsuit against its chatbot vendor highlights one of the potential legal consequences of a breach. What’s worse, despite growing awareness of privacy challenges among board members, according to a recent survey, 69 percent of companies reported they had yet to create a data-driven organization. Even worse, 52 percent admitted they weren’t even treating data as a business asset.

Levels of information governance maturity

Zeroing in on the data challenge

Why are organizations struggling to protect their data and comply with privacy regulations? Because they are saddled with immature information governance (IG) processes.

Key indicators that your IG processes are immature include:

  • Incomplete or inaccurate data inventory
  • Little insight into data flows
  • Over-retention of redundant and obsolete data
  • Siloed governance of disparate types of data
  • Inability to implement strong access control policies for employees
  • Insufficient or ineffective use of encryption

Four tips for maturing your organization’s Information Governance processes

  1. Recognize you can’t do it alone. Collaborate with records managers, lines of business, legal and IT to ensure data is mapped correctly and governed.
  2. Collect and retain only the data you need. Less information reduces risk and makes data management and data governance simpler and less expensive.
  3. Make the business case to the board. The total cost of fines, damage to the brand, and getting the business back to normal following a breach can dwarf the investment in effective IG. Meanwhile, effective IG can also make a company more productive and agile.
  4. Build on the right foundation. Work steadily toward information governance maturity using the right tools. Download the CGOC Information Governance Process Maturity Model, which will enable you to assess your company’s level of IG maturity. The model includes:
    1. Risk Heat Map to help you plan the necessary actions to take
    2. Process Score Card to help you measure your company’s risk

Join the CGOC community. Interact with peers and access other members-only resources and tools to further your information governance practice.
