Ensuring data privacy has never been easy. The increasing use of cloud and mobile devices for content access and collaboration puts additional demands on security and protection.
As AIIM reveals in its Data Privacy: Living by New Rules industry watch, insider threats from staff members are more likely than attacks from external hackers, and the likelihood of data loss through staff negligence is higher still.
In the industry watch, AIIM delivers an in-depth look at how well personal data is protected and at the consequences of data breaches. The report is the product of an AIIM market intelligence survey conducted with a web-based tool, completed by 202 individual members of the AIIM community between October 23, 2015, and November 16, 2015.
What were the key findings of AIIM's industry watch on data privacy?
- Things are getting worse: Until recently, the protection and security of information on identifiable individuals had taken a relatively low profile. Most countries, regions and states have data protection legislation but they vary considerably in the level of protection decreed. Exposure of personal information or data breaches were relatively rare, and state surveillance of such information was generally covert and not acknowledged by governments. All of this has changed quite dramatically in the last few years. The amount of personal data stored by companies and governments has soared, and the value of that data to thieves and fraudsters has multiplied as more and more personal business is transacted on the internet. Identity theft has become a major new crime.
- Organizations are impacted by staff negligence: The operations of 38% of organizations surveyed are highly dependent on sensitive personal content (e.g., healthcare, financial or claimant data). 33% have some sensitive customer or client data. 20% have just basic HR content. Additionally, 36% of smaller organizations, 43% of mid-sized and 52% of large organizations have reported a data breach in the past 12 months; 19% reported a loss due to staff intent and 28% a loss due to staff negligence, compared to 13% from external hackers.
- Unfortunately, customer data is suffering: Alarmingly, 26% suffered loss or exposure of customer data and 19% lost employee data. As a consequence, 10% received action or fines from the regulator, 25% saw a disruption to business and 18% a loss of customer trust. In 26% of reported incidents, a loss of Personally Identifiable Information (PII) on customers or citizens was involved.
- Viewpoints vary as to data privacy breach seriousness: 24% of respondents feel that their senior managers do not take the risks of data privacy breaches seriously. 13% consider that operational considerations override compliance. Additionally, 34% feel that social networks undermine data privacy rules and 43% agree that over-zealous ID checks have a negative impact on customer experience. 68% would like to see governments encourage stronger, tamper-proof encryption.
Personally Identifiable Information
Almost all organizations hold some PII whose disclosure would result in a loss of privacy for the individual, most commonly in the form of staff records, according to AIIM's findings. For some, a high proportion of business operations depend on what is termed Sensitive Personal Information (for example in healthcare, finance and social payments), where disclosure could be very harmful to the individual. Even for those only storing staff records, sickness histories and disciplinary actions would be deemed sensitive, according to AIIM.
Based on its industry watch findings, AIIM suggests that deterrents to PII breaches include better staff training, stronger investment in data security measures, improved internal management and classification of sensitive content, and tighter control over data loss incidents caused by staff negligence, such as internal breaches resulting from unauthorized access.
Almost all organizations hold some data about their customers.
Today, enterprises must limit the use, collection and retention of PII to what is critically necessary for organizational purposes. Yet enterprises face serious challenges in identifying, classifying and managing PII in an organized and protected way, and many lack a clear methodology for inventorying their information effectively. That gap is a dangerous enterprise reality.
AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the information management community, including practitioners, technology suppliers, integrators and consultants.