Data Protection Must be the Number One Enterprise Focus in 2019
Sensitive data protection continues to gain priority for many enterprises, especially from the C-suite perspective. The rise of privacy regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have increased the urgency to manage sensitive data — and to a greater extent, all data.
Headlines in 2018 trumpeted major hacks and data breaches impacting millions of customers and smearing the names of several multinational corporations. From Facebook to Google and most recently Marriott, it is clear that in today’s world even the largest corporations aren’t safe from significant data security vulnerabilities.
Data protection in 2019 and beyond can no longer be shrugged off as an “IT” problem. It is critical today to address data protection and strategically implement it from the top down in every enterprise. As recent news events have shown us, in the event of a data breach, the hammer comes down on the top leadership for failing to properly monitor and protect their customers’ sensitive data.
Once the damage is done, organizations struggle with challenges around customer retention and paying penalties incurred. According to a recent Forbes article, Marriott will likely have to pay roughly $3.5 billion in fines for the recent breach. That number could reach $8.8 billion if it is discovered that there was no instant notification of the issue to the supervisory authority.
Organizations are held accountable, not only at the time of a compromising incident, but also through increasingly stringent data privacy and protection regulations.
Now, companies must know exactly where their data resides in order to protect it. They need to identify where sensitive data exists, including within unstructured data, and provide visibility and management of that data’s movement to the appropriate party at the respective enterprise.
In order to effectively protect and monitor data at all levels in an organization, it is absolutely critical that you take the time to accurately identify and classify all of your data to start the process. By choosing to ignore these steps as you start your data protection plan, you are subjecting yourself to failure before you have even truly begun taking action. If you don’t know where your data exists currently, how are you supposed to go about protecting it?
These initial steps will not only make for a more successful data protection program but will position your organization ahead of forthcoming regulations and laws. Classification helps you identify which data is truly sensitive, which helps alleviate most of the security and compliance concerns for an organization.
While the existing data protection and cybersecurity world is already extremely complex, the implementation of regulations such as GDPR in the EU, and in New York the NYCRR 500 for financial services, not to mention CCPA in California all add new challenges for enterprises. Many other states are following suit — including Ohio, Colorado, Nebraska, Nebraska, South Carolina, Vermont, Iowa, Alaska, Arizona, Louisiana, South Dakota, Oregon. Governments worldwide are responding at multiple levels to consumers’ concerns and are increasingly adding accountability and penalties for organizations — with the hope that these measures decrease risk and protect consumers.
For enterprises moving forward, this means that data protection will no longer be brushed under the rug and be seen solely as an IT department issue. Data protection is now at the front of every consumer’s mind as well as a priority for governments around the world. Now, as the sophistication of data breaches and attacks escalate, the expectation from customers and governments will be that enterprises can adapt to evolving threats and continue to protect their sensitive data in any circumstance.
As that expectation continues to grow along with increased regulations, enterprises will either sink or swim when it comes to data protection. Those who fail to adapt and implement a proper data protection and classification system, could be under attack this very moment, and may very well be the face of the next major data breach scandal and not even know it.
This past year has demonstrated just how devastating these hacks and data breaches can be both financially and for an enterprise’s brand reputation. This is the year we must learn from past mistakes and take data protection as seriously as any other aspect of an organization. Data protection must be the number one focus in 2019 for enterprises.