Data Practices Need More Scrutiny for Privacy Compliance

Data Practices Need More Scrutiny for Privacy Compliance

The concept of ‘Big Data’ has dramatically changed the information landscape. Analytics and advanced data processing transform and analyze massive amounts of data, extracting useful information to provide users with insightful information and recommendations to improve decision-making. These capabilities have been a major driver in the desire to keep PII, to provide personalized services, innovative insights, optimized operations and new ways of performing business.  This data, when properly used, can greatly improve user experiences – customers get information or services that are valuable to them when they need them, and happy customers tend to be long-standing customers.

The Internet of Things is fundamentally changing the way technology collects and uses our personal information with growing demand for accessing the information anywhere at any time.

By seamlessly embedding billions of sensors and connected devices into everyday life, the amount of data being stored is inevitably going to increase. There are more than one billion connected devices in the world today, expecting to grow for hundreds of billion in the future, increasing risk for inadvertent data exposure, weak application privacy controls, difficulty in providing privacy notices.

Stolen medical records are worth 10x credit cards. Medical records contain a wealth of information needed to commit fraud, including filing false tax returns, obtaining credit, obtaining illegal prescription drugs, Medicare/Medicaid fraud, and medical identity fraud.

Increased personal data and an ever-growing list of data security breaches have led to growing regulations for data privacy and increased scrutiny of corporate data practices. Making things even more challenging is that privacy laws, regulations and expectations differ. As with all regulations, depending on the geography, the impact of non-compliance with privacy-related regulations can be very expensive, both in terms of possible penalties as well of higher impact of negative publicity.

With the decreased storage costs and increasing amount of data, there is a tendency to just “park” data in case it is ever needed. Using the data dump approach to big data means that the organization could be violating privacy regulations and subjecting itself to further legal or regulatory action.

To safeguard a company’s most strategic information and avoid the need to lock down critical data and limit business productivity, an IG program must be implemented. For more information, download the CGOC white paper: Information Lifecycle Governance and Data Privacy.