BreachExchange mailing list archives
Privacy Management for Midsize Firms
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 31 Dec 2013 18:05:16 -0700
http://midsizeinsider.com/en-us/article/privacy-management-for-midsize-firms Privacy management is a concern for midsize firms in the face of increasing mobility and the consumerization of IT. A new survey by Gartner, featured in BizTech2.com, found that privacy policies are still on the to-do list for IT professionals. To avoid risks, resources must be focused on adequate privacy and security measures, especially at growing firms where more types of data are being stored at a faster pace than ever before. Privacy Measures According to Gartner's study, firms today generally believe that their privacy activities have decreased in the past two years. The report found that 43 percent of firms have comprehensive privacy management programs; 7 percent, however, reported that they do the least amount necessary when it comes to utilizing privacy programs. The survey also concluded that 62 percent do not scan websites and apps or even hold a privacy audit on an annual basis. Gartner also pointed out that many firms are not conducting privacy impact assessments before major projects. For the first time this year, more firms decided to store their customer data in a global place instead of a regional or local data center. As for the companies that do have privacy programs in place, Gartner found that they aim to boost their security by hiring more specialized staff. Gartner reported that 90 percent of those firms have at least one person responsible for privacy. But that kind of focused hiring is still not the norm. Firms are also beefing up privacy measures and investing more money in comprehensive privacy programs to deal with cloud, mobile, big data and social computing challenges. Requirements and Experience IT risk management, information security, business continuity and regulatory compliance activities apply to firms across various industries, despite their size. Midsize firms are more mobile than ever and regularly use social business tools and other third-party technologies which then increase their exposure to privacy lawsuits. Midsize firms now collect all types of data that they have not collected in the past because it would have been cost prohibitive. The change in how midsize firms are collecting this data is also making the same firms more of a target to cybercriminals intending to steal precious data. Midsize firms can work with experienced vendors to ensure that they have effective monitoring of privacy-related processes such as data masking, encryption, data storage and document retention. Gartner points out that programs utilized at firms just a few years ago did not always pay off and need to be refocused. That is a proof point that privacy projects should be carried out with experienced precision and care. IT professionals at midsize firms must manage their information infrastructures with limited resources, time and money. When it comes to an important privacy program, they surely cannot afford to start from scratch because of inaccuracies that could have been avoided with proper consultation. By prioritizing privacy, growing firms can avoid unnecessary risks, remain compliant and focus more energy on other business goals.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Privacy Management for Midsize Firms Audrey McNeil (Jan 01)