The Rising Importance of Data Privacy

Average total cost of a data breach cost $4 million, 13.6% increase since 2014. Key magnifiers of privacy risk included:

  • Changing Environment: 64% of employees regularly use personal technologies for work purposes.
  • Disconnected Ownership: 68% of IT executives claim responsibility for technology use and security but lack the authority to manage them effectively.
  • Strategic Value: 79% of senior executives report that new uses of digital information are key to growth.
  • Threatening Atmosphere: 69% of executives believe that their companies can’t keep up with the increasing pace and sophistication of cyber attacks.

An increasing corporate need for privacy:

  • 75% of employees currently have access to customer contract information (e.g. names, e-mail addresses).
  • 37% of employees do not receive any data privacy training.
  • 58% of employees violated a privacy policy without knowing it in 2015.

The greatest security threats are employee led, our research over the past three years shows that 60% of privacy failure were caused by employee behavior.

  • 58% were unintentional due to a lack of awareness.
  • 8% were intentional and malicious.
  • 44% were unintentional and mistaken.
  • 45% was intentional but not malicious.

Key considerations to formalize your privacy program

  1. Create a privacy function and structure based on your information exposure.
  2. Coordinate across functions to determine appropriate ownership and responsibilities.
  3. Assess the root causes of privacy failures in your organization.

Who is involved in a successful privacy program?

  • IT/IS: Assess and classify data; monitor data breaches.
  • Privacy: Advice on the risk of collecting information given the intended business value, future analysis, and data storage.
  • Legal: Monitor privacy-related laws and regulations; participate in government inquiries and investigations.
  • Procurement: Perform third-party due diligence; supply information for vendor questionnaires.
  • Compliance: Create and monitor privacy related employee training; assist in internal privacy investigations.
  • Risk Management: Identify and assess enterprise-wide privacy risks.
  • HR: Advise on the proper collection and use of employee records and data.
  • Sales and Marketing: Ensure the proper collection and storage of prospective and existing customer data.
  • Audit: Assist in auditing program effectiveness and internal controls.
  • Strategy: Advice on potential privacy issues related to new product offerings.

Source from CEB

More reference:
EU-US data transfers: Why Safe Harbour 2.0 may just be an empty shell by Justine Chauvin
IGPHC Provides Guidance for Privacy Risk Assessment by Sharon Lewis
Is Big Data Scary? Is the Data Revolution Invading The Privacy of Consumers? by Aleah Radovich
Coming Soon: Battles Over Academic Privacy — But Is This Fight Already Over? by David Crotty
Exploring Data Cleaning Solutions by Murtaza
EVO:RAIL – What is it and Why Does it Matter? by vCloud Team
SDDC Security Operations class from VMware Education by Mike Foley
Take a funny test in Facebook? It’s time to clean permissions by Guest Blogger
3 Tips for Protecting Your Kids’ Privacy on Dubsmash and by lynette
Wired Editorial: “OkCupid Study Reveals the Perils of Big-Data Science” by Michael Zimmer
Questions the Lebanese Government Should Answer about the New Biometric Passports
The Cybersecurity Information Sharing Act Explained by Claire Daniel