In a recent Veritas survey of 10,000 office professionals and IT decision makers it was revealed that “48% of office professionals would rather give up their clothes than delete their data”. The same percentage of those surveyed would rather “work weekends for 3 months than delete their files.” These statistics highlight the blurred lines between perceived data value and personal belongings and time. Office professionals feel strongly about the data that they store yet it’s highly unlikely that they have clear visibility into the data they are fearful to delete. Dark data is a fact.
Why should organizations care about data hoarding? The ramifications have made data hoarding a driver for updating policies and the technology that enforce data privacy. Furthermore, the regulatory landscape continues to expand, and penalties and associated reputational risks grow. GDPR is currently taking the main stage when data privacy is a global event.
With the spotlight on GDPR the articles defined give the impression of complexity but three fundamental requirements bubble to the surface - stop data hoarding, be accountable for the data stored, and ensure data sources are searchable. In South Africa, the properties of the Protection of Personal Information Act (POPI) echo these fundamentals. In the US, there are literally hundreds of laws at the Federal and State levels, across various verticals. California alone has 50 laws setting standards around the storage, transmission and general use of Personal Identifiable Information (PII). The most significant cyber-related legislation to date is the Cybersecurity Act which has provisions to ensure unrelated personal information is not disclosed. In Singapore, the Personal Data Protection Act sets standards around the collection, general use, and disclosure of personal data. The regulatory landscape of data privacy is surprisingly expansive. This raises an important question - do you know the laws that currently govern the data in the countries you do business in?
Geographical location dictates an individual’s rights to their data, defines data sovereignty requirements, and raises a plethora of questions surrounding information security.
If data hoarding is a driver for data privacy regulations, perhaps organizations should be looking to redefine data value. If individuals know what is valuable perhaps they will not treat all data as if it is created equal, keep securely only what is needed and feel confident in what they delete. By understanding behaviors of your users you can put processes and technologies in place to meet data privacy laws, regardless of geographical location.
As a market leader, Veritas has been guiding its customers through Information Governance challenges for years. The Veritas GDPR Strategy has fundamentals that apply to Data Privacy regulations around the world. Sign up for a Veritas GDPR maturity assessment to kick start your Data Privacy journey at www.veritas.com/gdpr.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.