DATA PRIVACY/PROTECTION

High-profile security failures have made privacy protection a top of-mind issue for many organisations. In several cases, hackers have gained access to online networks and systems, stealing personal customer data such as names, addresses, passwords. The financial costs of these breaches are often significant, ranging from tens of thousands to millions. The damage to a company’s brand and its reputation often costs far more. When we think of cyber risk we tend to think of security breaches, but when we look at it through a privacy lens, the range of risks broadens significantly.

As IT organizations move toward virtualization, cloud computing and IT-as-a-service, data protection will undergo a fundamental shift. The underpinnings of this transformation include a change from one-size-fits-all backup to a data protection offering that matches service levels with application requirements. IT organizations would be wise to bring in outside help to navigate through this transition.

There are several issues that an outside consultant can help manage, including:

ROI: The business justification of data protection as a service – data protection is still viewed as insurance and a quality risk assessment and business impact analysis from an outsider can have a meaningful impact with upper management.

Training and Education: Organizations have an opportunity to re-skill staff and gain increased leverage by developing data protection approaches that free up existing personnel. As discussed, however, new approaches will require new mindsets and existing staff will have to be educated and in some cases re-deployed on other tasks.

Architecture: Data protection is not trivial. Virtualization complicates the process and creates IO storms. Architecting data protection solutions and a services-oriented approach that is efficient and streamlined can be more effectively accomplished with outside help. Don’t be afraid to ask.

Customers want choices and ease of access, which requires them to provide personal information and preferences, businesses want to be able to gather, data mine and share this information efficiently. Certain industries such as financial services and health-care, often draw the most attention in the privacy discussion because of the personal information they possess. However, all industries are affected by privacy and data protection requirements. Confirm the organisation does not have misplaced or invented reliance on third party providers that have access to the organisation's own information or that of its customers. Design and implement robust monitoring and testing of privacy and data protection risks and related controls. Most companies have developed and implemented privacy and data protection programs, yet many of these programs fall short for a variety of reasons, including lack of understanding the risk landscape related to information collections and transmittal, inadequate organisational policies, insufficient training and unverified third party providers, among many others.

The bottom line is data protection is changing from a one-size-fits-all exercise that is viewed as expensive insurance to more of a service-oriented solution that can deliver tangible value to the business by clearly reducing risk at a price that is aligned with business objectives. Understanding data protection in a holistic fashion from backup, recovery, disaster recovery, archiving, and security; and as part of IT-as-a-service is not only good practice, it can be good for your bottom line.