Posted by Mark Brousseau
Nearly three-quarters of organizations believe they have adequate policies in place to protect sensitive, personal information, yet more than half have lost sensitive data within the past two years — and nearly 60 percent of those organizations acknowledge data loss as a recurring problem, according to findings of a global study by Accenture.
The study reveals a startling difference between organizations’ intentions regarding data privacy and how they actually protect sensitive personal information, such as name, address, date of birth, race, National ID/social security number and medical history. The study was conducted in conjunction with the Ponemon Institute, a privacy, protection and information security research firm.
“The volume of sensitive personal information being collected and shared by organizations has grown exponentially in recent years, making data protection a critical business issue and not just a technology concern,” said Alastair MacWillson, managing director of Accenture’s Security practice. “Our study underscores the importance of taking a comprehensive approach to data privacy and protection, one that closes the gaps between business strategy, risk management, compliance reporting and IT security.”
Global Business Findings
Fifty-eight (58) percent of business respondents have experienced at least one data security breach over the past two years, yet 73 percent said their organization has adequate policies to protect the personally identifiable information it maintains.
While 70 percent agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, there are discrepancies in their commitments for doing so:
• Forty-five (45) percent of respondents were unsure about or actively disagreed with granting customers the right to control the type of information that is collected about them.
• Forty-seven (47) percent were unsure about or disagreed with customers having a right to control how this information is used.
• Nearly half also did not believe it was important or very important to: limit the collection (47 percent) or sharing (46 percent) of sensitive personal customer information; protect consumer privacy rights (47 percent); prevent cross-border transfers of personal information to countries with inadequate privacy laws (47 percent); prevent cyber crimes against consumers (48 percent); or prevent data loss or theft (47 percent).
• The study revealed that the biggest causes of data loss are internal — problems presumably well within an organization’s ability to detect and correct. For instance, business or system failure (57 percent) and employee negligence or errors (48 percent) were cited most often as the source of the breaches; cyber crime was cited as a cause of only 18 percent of security breaches.
While many organizations believe that complying with existing regulations is sufficient, it appears that compliance alone may not be enough to protect sensitive data. For instance, 70 percent of respondents said they regularly monitor privacy and data protection regulatory compliance requirements, yet data breaches have occurred in 58 percent of organizations polled.
Thursday, June 3, 2010
Perception of data security at odds with reality
Subscribe to:
Post Comments (Atom)
1 comment:
Great article highlighting the need for everyone to have a much higher computer/data security awareness. Check a (free) blog, "The Business-Technology Weave" (can Google to it) - it reflects what this article is saying. The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, "I.T. WARS" (you can Google that too). It has a great Security chapter, and others that treat security. Highly recommended. Great stuff.
Post a Comment