Toxic data: You own it…unless you can prove you don’t
Data is a valued asset. How you collect and store it can create a risk profile with negative consequences. Assume you have toxic data until you prove you don’t.
Data has become a valued asset for most organizations. Leveraged correctly, it offers the insights and intelligence needed to make informed business decisions and deliver personalized, impactful customer experiences. It can also highlight opportunities to improve efficiency and overall organizational performance.
However, data can be a double-edged sword. Data leakage, particularly privacy data, can cause long-term damage to an organization. And the truth of the matter is, most organizations have more than they realize—creating a risk profile they don’t fully understand.
Understanding toxic data
Toxic data is personally identifiable information (PII) collected and stored by an organization that does not comply with current law. At a deeper level, if leaked, this information could do damage or harm to the exposed individual.
While the impact of a breach and severity of consequences are not uniform across industries, the outcome is never favorable. Reputation takes a hit regardless of organization size. However, smaller businesses are less likely to survive, with analysts estimating 60 percent of small businesses fail within a year of a breach. Other impacts include lost productivity, financial losses, and fines.
The burden of responsibility
Government disclosure requirements and regulations about handling PII have put the onus on the organization. At this point, ignorance is expensive. That’s why every organization should have a data plan policy that includes the following:
- Data discovery. For starters, find out what data has been collected and where it’s stored. This may not be easy, especially for more mature organizations that have collected data for years, but it’s critical. Organizations should assume they have toxic data unless they can prove otherwise.
- Data purpose. Ask: “why are we collecting this data?” If it does not serve a business purpose, it should not be collected or stored. It is also important to ensure collected data is used for its stated purpose.
- Data handling. For the collected data, who is interacting with that data, and is the distribution of the data secure? Do third-party organizations have access to the data and, if so, for what purpose? When data is no longer needed or a request is made for its deletion, how is it removed to ensure it doesn’t become toxic? Is there a regulatory obligation to store the record?
- Disclosure. Be transparent about what information is collected, how it will be stored, who will have access to it, what regulations apply to the data, and how it will be used. Today, organizations must give such notice prior to the collection of data.
Control the process
There’s no getting around the power of data and how it drives day-to-day organizational operations. However, data collection and use should be purposeful and safeguarded. Information protection and governance is the way to do it.
Regardless of where data is stored (cloud, apps, or devices), today’s best-in-class information security and governance platforms offer built-in protection, management, intelligence (detection, identification, classification), and extensibility. This is important because a data breach is expensive (an average of $4 million per incident in 2019, according to Ponemon Institute), and most organizations, 88 percent, lack confidence they can prevent it.
Controlling the process can be complex. There is an abundance of data at most organizations—an often-overwhelming amount of data—and much of it is not managed, and much is more toxic than realized. However, the process can be simplified. With the right tools and partners, organizations can minimize their risk exposure. Equally important, accessing real-time visualization of data can propel growth by helping organizations uncover information they did not know they needed while opening avenues to efficiencies they did not expect.
About Garnet River
Founded in 2000 and based in Saratoga Springs, N.Y., Garnet River provides comprehensive and flexible staffing and staff augmentation services, innovative robotic process automation (RPA), and managed outsource solutions to public- and private-sector clients. Garnet River is a partner with UiPath, Microsoft, Cisco Meraki, Hewlett Packard Enterprise, and others. For more information, visit garnetriver.com.