Insider Threats, Data Privacy Are Overlooked By Businesses - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Security & Privacy

Insider Threats, Data Privacy Are Overlooked By Businesses

Data security and data breaches are all over the news. However, not all companies are paying as close attention to insider threats and data privacy as they should. A new survey looks at the risks.

Why Cloud Security Beats Your Data Center
Why Cloud Security Beats Your Data Center
(Click image for larger view and slideshow.)

There is more to data privacy than getting hacked.

Data privacy is all about how a company gathers and protects data. Fortunately, there is more than one line of defense, according to a recent joint study done by the International Association of Privacy Professionals (IAPP) and Bloomberg BNA, a source for legal, regulatory business information.

The "Assessing and Mitigating Privacy Risk Starts at the Top" study concluded that companies of all sizes are looking at data privacy as an issue of concern. It polled 347 internal privacy professionals on a number of issues, asking them to rate risks on a scale of 1 (no worry) to 5 (very concerned). They were also asked to identify the size of their companies.

"There is a lag in how companies are approaching their data privacy and data security programs," noted Brian Kudowitz, commercial product director for privacy and data security at Bloomberg BNA. Firms that deal with financial services, retail, healthcare, and hospitality are more aware of these issues. "Other companies are still catching up," Kudowitz said.

(Image:  Danil Melekhin/iStockphoto)

(Image: Danil Melekhin/iStockphoto)

Kudowitz draws a clear line between the terms "data privacy" and "data security." They are not the same thing.

Data Security, Data Privacy Are Different

Data security is in the realm of IT, where it meets the technical standards for protecting the data itself. Data privacy is more about what information is collected, how the information is used, and how it is transferred, Kudowitz explained.

Despite these subtle differences, there is a connection between the two. For example, a company may try to prevent an inside hack by gathering employee data. The mission may be data security, but the gathering of the data is a data privacy issue.

There is a cluster of four factors that respondents identified as crucial in addressing the data privacy challenge: leadership buy-in (88%), corporate training and education (86%), IT resources (86%), and IT ability (84%). Of the four, leadership buy-in is the key. If the boss is not on board, it results in a chain reaction that chokes off funding for training, education, security, and compliance, Kudowitz pointed out.

Is The Cloud More Secure?

More tech-minded observers might argue that storing corporate data in the cloud would probably improve a company's data security. But here Kudowitz sounded a cautionary note: "Cloud creates further risk exposure. Many measures taken, while they offer a solution, also create opportunities for other issues to arise."

In other words, every solution raises a new, different set of problems. "This speaks to the complexity of this area of the law," Kudowitz said.

[ Are you sure your privacy is protected on Windows 10? Read Microsoft Explains Windows 10 Privacy Policies. ]

To help put some of these challenges into perspective, Bloomberg Law: Privacy and Data Security is offering "chart builders," a time-saving practice tool that can integrate and display regulatory law on data handling and breaches across different states and provinces. "Part of managing risk is understanding differences from jurisdiction to jurisdiction," Kudowitz said.

Brand Impact

Among other findings, the survey respondents identified brand impact (61%) as a bigger worry than data breach (58%) for US firms. "Brand holds a lot of value," Kudowitz said. Companies spend years, if not decades, building up a brand. If customers associate the brand with a bad experience arising from a data breach, they would probably avoid the store or the good that brand represents. At this point, it is not the loss of money but the viability of the company that is at stake, Kudowitz pointed out.

Also, respondents from larger US companies are more likely to rate outside counsel as the most important asset in risk mitigation (64%) compared with IT security (43%). 

Outside counsel can figure out the common denominator of legal protection across various jurisdictions when companies deal with data privacy issues, Kudowitz noted. "They also have to deal with incidents when they arise," he said.

But there is a bit of crossover between outside counsel and in-house IT.

"One can't be a remedy for the other," Kudowitz said. "IT can't replace the assessment of privacy concerns. Getting outside counsel can't replace leveraging sophisticated information security." Companies can benefit from the overlap between IT and outside counsel, he added.

William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BillA@PrivateEye
50%
50%
[email protected],
User Rank: Strategist
1/20/2016 | 4:57:32 PM
Data Security
I couldn't agree more! Great piece, and the distinction between data privacy and data security is incredibly important for IT execs to remember as they craft their security budgets for 2016. There's an upcoming webinar that will address all of these issues at PrivateEyeEnterprise.
batye
50%
50%
batye,
User Rank: Ninja
10/4/2015 | 2:35:29 AM
interesting to know
interesting to know, thank you for the info and ideas... as it not a simple problem...
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
What Comes Next for the COVID-19 Computing Consortium
Joao-Pierre S. Ruth, Senior Writer,  11/24/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll