In a series about cyber compliance issues, the Wall Street Journal takes a look at how collecting enormous amounts of data, without securing the private or sensitive information, can lead to large problems when there are security breaches:
It’s well-known that many companies aren’t aware when they have had their security breached. Compounding that problem is the fact it is hard to determine what might have been lost, because many companies have accumulated data over years in multiple forms.
Ignorance about stored data can magnify the costs of notifying customers and the risk of regulatory or legal repercussions, according to various experts.
“Companies continue to allow the information haystack to grow and grow and grow,” said Bruce Radke, chair of the data privacy group at law firm Vedder Price. The first step in any company’s assessment of its data should be “really looking at the information you need and getting rid of everything else,” he said. [...] Read more »