BreachExchange mailing list archives

Privacy Management for Midsize Firms


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 31 Dec 2013 18:05:16 -0700

http://midsizeinsider.com/en-us/article/privacy-management-for-midsize-firms

Privacy management is a concern for midsize firms in the face of increasing
mobility and the consumerization of IT. A new survey by Gartner, featured
in BizTech2.com, found that privacy policies are still on the to-do list
for IT professionals. To avoid risks, resources must be focused on adequate
privacy and security measures, especially at growing firms where more types
of data are being stored at a faster pace than ever before.

Privacy Measures

According to Gartner's study, firms today generally believe that their
privacy activities have decreased in the past two years. The report found
that 43 percent of firms have comprehensive privacy management programs; 7
percent, however, reported that they do the least amount necessary when it
comes to utilizing privacy programs. The survey also concluded that 62
percent do not scan websites and apps or even hold a privacy audit on an
annual basis. Gartner also pointed out that many firms are not conducting
privacy impact assessments before major projects. For the first time this
year, more firms decided to store their customer data in a global place
instead of a regional or local data center.

As for the companies that do have privacy programs in place, Gartner found
that they aim to boost their security by hiring more specialized staff.
Gartner reported that 90 percent of those firms have at least one person
responsible for privacy. But that kind of focused hiring is still not the
norm. Firms are also beefing up privacy measures and investing more money
in comprehensive privacy programs to deal with cloud, mobile, big data and
social computing challenges.

Requirements and Experience

IT risk management, information security, business continuity and
regulatory compliance activities apply to firms across various industries,
regardless of their size. Midsize firms are more mobile than ever and
regularly use social business tools and other third-party technologies,
which increases their exposure to privacy lawsuits. Midsize firms now
collect all types of data that they did not collect in the past because it
would have been cost-prohibitive. The change in how midsize firms collect
this data is also making them more of a target for cybercriminals
intending to steal precious data.

Midsize firms can work with experienced vendors to ensure that they have
effective monitoring of privacy-related processes such as data masking,
encryption, data storage and document retention. Gartner points out that
programs utilized at firms just a few years ago did not always pay off and
need to be refocused. That is a proof point that privacy projects should be
carried out with experienced precision and care. IT professionals at
midsize firms must manage their information infrastructures with limited
resources, time and money. When it comes to an important privacy program,
they surely cannot afford to start from scratch because of inaccuracies
that could have been avoided with proper consultation. By prioritizing
privacy, growing firms can avoid unnecessary risks, remain compliant and
focus more energy on other business goals.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
