Monday, December 23, 2019
“Companies are being inundated with data,” researchers wrote. “A single bank transaction may get replicated across a hundred data repositories. Financial services companies are constantly consuming and sharing information to build better customer profiles and enable financial transactions. In addition, as financial services companies consolidate through mergers and acquisitions, they acquire unknown datasets and data transfer agreements with new business partners.”
Drew Schuil, president at Integris Software, observed that automated solutions can help large organizations with numerous data repositories control and protect data flows. “Data is owned by different departments within an organization,” he said. “And if they find personal information where it’s not supposed to be, they can use automated remediation without being slowed down by typical speed bumps like security and access control and make that data safe again.”
Schuil noted that regulatory changes are motivating organizations to meet compliance guidelines, citing the following four key findings from the survey:
Data privacy management overconfidence: 37 percent expressed confidence in knowing sensitive data locations, despite annual data surveys; only 11 percent of respondents could access sensitive data across five common data source types.
Data privacy impacts much more than regulatory compliance: 76 percent of respondents enforce internal data handling policies like classification and retention. 41 percent cited the impact of data privacy on M&A due diligence; 25 percent said data privacy impacts artificial intelligence and machine learning projects and 33 percent saw impact on data lake hygiene.
The proliferation of data sharing agreements: 45 percent of respondents had 50 or more of data sharing agreements in place; 75 percent of respondents were “very confident” or “extremely confident” in their compliance efforts.
Data privacy management budgets reside in IT departments: 50 percent of data privacy budgets are concentrated in IT departments, requiring technology leaders to operationalize their data privacy management programs as they strive to balance protection with innovation.
Privacy is critical to effective data protection Schuil commented, and U.S. data managers must be cognizant of where sensitive data resides to comply with the Telephone Consumer Privacy Act (TCPA), the California Consumer Privacy Act (CCPA) and other data privacy regulations.
Schuil expects approaches to data privacy to continue to evolve in response to changing regulations and their own maturing attitudes to effectively managing data. European companies have an edge because they have become accustomed to GDPR, he stated. On the other side of the spectrum, U.S. companies are just beginning to prepare for TCPA, which becomes effective in January 2020. They know that they have a long way to go to meet these requirements.
“Ultimately, we're going to flip the script as to how organizations view compliance, data privacy and security less as a burden on the organization and more as a way to enable the business,” he said. “And how we get there is by helping the organization become faster and nimbler at how they access and use their data by providing better, smarter data inventory solutions.”
A full copy of the report is available at integris.io/data-privacy-maturity-study/
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.