Less than a week after the massive breach of Marriott International Inc., people around the globe are reading more breaking news about Information Security concerns. According to the news, the UK Parliament seized a set of internal emails of Facebook, one of the world’s largest Social Media platform companies, as part of its investigation. The controversial document released publicly reveals the alleged communication between the company’s CEO and other high-level executives regarding the collection of User Data and selling it to potential major Companies.
With back-to-back major incidents around Information Security, it is evident that technological advancements and global interconnectedness have created both opportunities and risks for businesses when it comes to the appropriate handling and use of Customer data. Technology advances enable companies to instantaneously collect and analyze massive amounts of data about customers and employees, which has both benefits and drawbacks. However, this use of sensitive personal data can undermine the privacy of the individuals involved. Given this potential for real friction between the business use of sensitive data and the resulting Information Security concerns among Customers and key Stakeholders, Cyber Governance, Ethics and Compliance are surely going to be the buzzwords for Business Sustainability, Brand Reputation and positive Business Growth in 2019 and the following years.
Identifying Data Privacy Breach as a Business Risk
There is no doubt that Customer Data is a Corporate asset, and the potential for violation of Data Privacy represents a Risk. Mishandling of Customers’ information is the most common Cyber Security-related risk. When we talk of the consequences, Reputational harm is the top concern, followed by the risk of civil litigation, regulatory enforcement and decrease/loss of share value. Because of such high-impact consequences, Data security and data privacy compliance obligations need to be rationalized and addressed through a unified set of control objectives and control activities that are well aligned with the overall Enterprise Risk Management.
Building Future ready Data Governance Programs
Forward-looking Organizations are already recognizing the need for a holistic Governance program to meet the challenges of maintaining Data Privacy and meeting related Compliance mandates. Conventional IT security approaches that focus on protecting just the IT infrastructure need to be modified and complemented with protective controls that focus on protecting the data stored in and moved through that infrastructure. This future-ready Data Governance approach requires cooperation among the IT, human resources, legal and finance departments as well as business groups and the marketing department.
Setting the “Tone at the Top”
It’s a proven fact that Data Governance processes and tools are only as effective as the people who implement them. A vital step is to establish a Governance committee that consists of individuals from within the organization and to assign them clearly defined Roles and Responsibilities, adequate resources and clear guidance on the overall data governance objectives. The next step is to examine the various authority documents (statutes, regulations, standards, and company policies and strategy documents) that mention the requirements that must be met. Also, to identify Residual risks and select appropriate technical measures to protect confidential data, an organization must first understand how information flows throughout its systems over time and how the information is accessed and processed at different stages, by multiple applications and people and for various purposes. To summarize, the Boards and the C-Suite need to set the right “Tone at the Top”, blending the right mix of People, Processes and Technology for a robust Data Governance Strategy.
A program based on the Data Governance for Privacy, Confidentiality and Compliance framework provides a holistic approach to identifying Cyber Risks and addressing residual risks in effective and efficient ways. The three Key components of Data Governance are People, Process and Technology, which, when leveraged at the right time, not only protect against Cyber Threats but also become the foundation for Confidence, positive Growth and Sustainability.