International Data Privacy day. Celebrate or cry?

Last week there was International Data Privacy day. Now there are international days for almost everything but still it says that it’s a hot topic. Which it is of course and you can’t escape all the fuss surrounding the privacy policies of Facebook, how Google is using our data, even rumours that it has been set up by the CIA to invade our privacy, how the NSA knows everything, etc. This discussion however is always from the context of the individual, and less from the perspective of organizations. That should change.

Individuals are afraid of their privacy being breached and their data being used for stuff they aren’t aware of. That makes sense of course and I’m also concerned, but from what I can manage I feel like I’m in control and the risks are small. For most companies however this is completely not true. Sensitive information leakage and misuse is a huge risk.

In my daily work I see growing awareness of this issue. Privacy Officers are being appointed more and more and rising to board and C-level. In Europe however it’s not yet a top priority for Information Managers and CIO’s, and that’s where it should be. That is where the sensitive content is, in the I of information. You can have all the policies you want yet still have huge issues with all that information you are not aware of. Like the recent Sony hack. I guess a company of this magnitude has policies around these issues but evidently they are not in control. I mean if the passwords for all your content channels and marketing are in a folder on you network shares that is called “Passwords”, having Excel files filled with usernames and passwords, then something is either wrong with the policies or with their implementation. I think the latter applies.

My assessment is that awareness is growing but that is not enough. There is a need to control the chaos of content that is out there, to actually make the policies work. It is a bottom up approach that is needed to get this under control. There is a huge amount of sensitive content out there in your organization waiting to harm you if it gets out or is found. Not being in control can cause serious trouble. In the decades to come the financial penalties will increase, hackers will be out there trying to find whatever they can, content will grow more rapidly and more channels will be open to threats. All these are factors contribute to a huge sensitive content liability. The upcoming years will tell.

The key to starting is getting insights and honestly assessing your current situation, to get in control and start working on implementing proper policies. Don’t you agree?