Companies overconfident in management of sensitive data
A new study into how enterprises manage sensitive data reveals overconfidence in knowing where private data resides, and the use of inadequate tools such as spreadsheets to track it.
The research from Integris Software shows 40 percent are 'very' or 'extremely' confident in knowing exactly where sensitive data resides, despite only taking inventory once a year or less. Yet a mere 17 percent of respondents are able to access sensitive data across five common data source types.
The survey exposes the lack of visibility companies have on where their data lives. Nearly 45 percent of respondents say they need to access 50 or more data sources to get a defensible picture of where their sensitive data resides. Yet fewer than half (45 percent) of respondents take an inventory of personal data more than once a year or only in reaction to an audit.
"If you're not taking a real-time inventory of personal data across all data source types, then you're going to have huge blind spots when it comes to knowing what sensitive data is sitting in your organization," Integris CEO Kristina Bergman says. "Point-in-time knowledge is obsolete within a day due to the constantly changing nature of data in a hyper-connected world."
In the light of the Cambridge Analytica scandal, enterprises seem to be more aware of data sharing agreements with 63 percent of respondents citing privacy concerns. 40 percent of respondents have 50 or more of these agreements in place. But respondents are generally pessimistic about their partners' ability to comply. Respondents report being 43 percent more confident in their ability to be compliant compared to how they perceived their partners.
"Whether it's complying with regulations, contracts, or internal use policies, continuous defensibility boils down to knowing where your sensitive data resides and your ability to map that data back to data handling obligations." Bergman adds. "These survey results highlight the urgent need for companies to operationalize and automate their data privacy management programs to handle their mass volumes of private data and an increasingly diverse and complicated set of obligations."
On a positive note, more than 80 percent of respondents report having budget dedicated to data privacy management, 90 percent have a data privacy awareness program in place, and 93 percent have a process in place to identify and mitigate privacy risk.
You can read more in the full report available from the Integris site.