Data privacy still being ignored by organisations

It has been found that many organisations are not doing all they can to protect data privacy with there being a lack of transparency in how businesses store personal data, according to PwC’s 2018 Global State of Information Security Survey (GSISS). It was found only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. When it comes to third parties who handle personal data of customers and employees, less than half (46%) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46%) say their organisation requires third parties to comply with their privacy policies.

http://brn.firetrench.com

Full Story Here: https://www.helpnetsecurity.com/2018/03/12/protect-data-privacy/

 

This certainly does not make for good reading, especially with GDPR around the corner and commenting on the news is Paul Edon, director at Tripwire and Javvad Malik, security advocate at AlienVault:

 

Paul Edon, director at Tripwire:

If organisations are not prioritising data security then they are ignoring a key component of foundational security that will ensure comprehensive compliance with the upcoming GDPR. Consumers are becoming more aware of how their data is being used and demand that it be protected, giving organisations no choice but to have the appropriate security solutions in place to meet that demand. A good reminder for organisations to be prepared and to take data security seriously will be the severe fines that will be imposed by GDPR for compliance failure.

 

Javvad Malik, security advocate at AlienVault:

This very lapse in data privacy is one of the driving factors behind GDPR, to ensure there is a consistent baseline that all companies adhere to.

The PwC survey suggests that roughly only half of respondents have an accurate inventory of where personal data is collected, transmitted, and stored. Without an accurate and up to date inventory, it is near impossible to have confidence that privacy controls that have been implemented are effective.

Once an inventory is collated, then companies can undertake risk assessments, and evaluate the effectiveness of controls with any degree of confidence.