Creating a Personal Data Management Exit Strategy

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Creating a Personal Data Management Exit Strategy-6 Next

Privacy expectations are still influenced by laws, and jurisdictions have physical boundaries. This collides with the IT reality of cloud and mobile computing. The physical location is the location where the electrons and bytes are stored. Given that this information can be accessed from the other end of the world in a fraction of a second, the physical location should be increasingly irrelevant. Yet this physical location is still what many regulators insist on, although the legal location should be most relevant from a regulatory perspective.

Companies and service providers prefer to move toward a more pragmatic approach — the logical location. As an example, personal data might be stored in a data center of a U.S. cloud provider, which is operated by a third-party service provider from India. However, data is encrypted, the Indian IT employees manage only routers and servers, and only European employees of the client can actually see the data. These employees are located in Europe, and bound by a European employment contract and European privacy laws. Logically, the data is in Europe, although legally and physically, it may be somewhere else.

Organizations should create a privacy program that keeps personal data at arm's length, but under control, according to Gartner, Inc. Gartner predicts that by 2019, 90 percent of organizations will have personal data on IT systems that they don't own or control.

Enterprises have traditionally been the target of security threats, and until recently, those hackers focused on attacking vulnerable IT infrastructure. As protection for such infrastructure improves, the attackers' attention shifts to softer targets, such as employees, contract workers, customers, citizens and patients.

"As the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target. And, yet in most scenarios the organization is still ultimately accountable for the personal data on its IT systems," said Carsten Casper, research vice president at Gartner. "The time has come to create an exit strategy for the management of personal data. Strategic planning leaders will want to move away from storing and processing personal data in the next five years."

"The PCI Data Security Standard (DSS) requires the implementation of stringent controls of those who collect and store credit card data. In response, many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider," said Mr. Casper. "The same could happen with personal data. If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialized 'personal-data processor.'"

Gartner has identified the following steps to prepare for such a strategy.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.