Protecting Personal Data Globally

27 04 2010

In a recent report published by Accenture, “How Global Organizations Approach the Challenge of Protecting Personal Data,” five key findings emerged from its research:

  1. There is a notable difference between organizations’ intentions regarding data privacy and how they actually protect it, creating an uneven trust landscape.
  2. A majority of organizations have lost sensitive, personal information, and among these organizations, the biggest causes are internal and therefore something they potentially could control.
  3. Compliance complacency is prevalent throughout the world.
  4. Understanding the perspective on and approach to data privacy and protection of business partners is crucial.
  5. Organizations that exhibit a “culture of caring” with respect to data privacy and protection are far less likely to experience security breaches.

Let’s look at the first point: There is a notable difference between organizations’ intentions regarding data privacy and how they actually protect it, creating an uneven landscape.

The Accenture report supplements this finding with the following facts:

  • Approximately 70 percent of both business and individual respondents strongly agreed or agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, disclose how they use consumers’ personal information and deal with the ramifications if they lose consumers’ personal information.

The report goes on to relay some inconsistencies with this fact. Between 40 and 50 percent of the business respondents in their survey:

  • Were unsure about or actively disagreed with granting individuals the right to control the type of personal information about them that is collected and how that information is used.
  • Did not believe it was important or very important to limit the collection and sharing of sensitive personal information.
  • Did not believe a range of typical organizational privacy practices were important or very important (including notice, consent, access, redress, security, minimization and accuracy).

The report goes on to explain the reasons for these discrepancies, including industry differences, cultural/regional differences and a lack of clear accountability and responsibility for data privacy and protection within the organization. A key reason it is unclear who is accountable is the complexity of those involved: “They also may find that the management responsibility and accountability can be fragmented, with the Chief Information Officer, Chief Information Security Officer, Chief Privacy Officer or the legal function all having some involvement, depending on the specific aspect of data privacy and protection in question. For instance, the CIO could be responsible for maintaining IT and data security…”

While this obviously well-researched report focused on the complexity of data security, how can a CIO maintain IT and data security? Managed File Transfer.