Expanding Data Brings Growing Risks
Companies today face a growing number of complex legal and regulatory obligations related to managing and protecting consumers’ personal data. And the total amount of personal data collected is increasing at a dramatic rate; Gartner estimates 65% of the world’s population will have its personal data covered under privacy regulations by 2023. By implementing best practice Information Governance solutions organizations can mitigate these risks.
Limiting Potential Exposure and Damages
Privacy laws are expanding and evolving, and organizations’ risks are increasing significantly. Ungoverned personal data creates greater potential for non-compliant activity, such as unauthorized use and selling or sharing. When organizations that retain personal data experience a data breach their bottom lines, customers, and reputations all suffer. Consumers, government agencies, and courts will demand to know what specific data was impacted, and fines and enforcement actions may follow.
Facing Regulatory Scrutiny
The U.S. currently lacks any single data privacy and protection law. But state laws, federal regulation (such as FTC consumer protection), and industry regulation (such as HIPAA) are wide-reaching. The California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) are coming to dominate the actions of other legislative and regulatory bodies. Enforcement actions under those laws are already underway with fines in the millions of dollars organizations of all sizes face scrutiny.
Four U.S. states have already enacted consumer data privacy laws and all states have laws requiring response to data breaches. Certain U.S. industries are subject to specific regulations, including consumer finance, telemarketing, and healthcare. Even before a federal consumer privacy law is passed, the FTC is increasingly fining companies for data privacy and protection shortfalls by extending its consumer protection mandate to view failures to protect personal data as subject to FTC action.
Providing Consumers Access to Their Personal Data
Increasingly, data privacy and protection laws give consumers rights regarding the personal data a company may hold about them – a Data Subject Access Request (or DSAR). Consumers can ask an organization to correct, delete, or provide their personal information. A 2022 report by DataGrail found that U.S. businesses, on average, receive 30 DSARs monthly for each one million personal identities in their files, and manually processing a single DSAR request costs $1,524, according to Gartner research.
Organizations will struggle to meet these requests, further increasing costs, if they do not have good Information Governance capabilities, including a solid understanding of what information they have and reliable methods and effective tools to find it.
The Right Approach
Bernstein Data focuses exclusively on Information Governance issues, helping companies meet their IG objectives, including Information Lifecycle Management, Data Privacy, Defensible Disposal, Information Security, Operational Effectiveness, and IG Risk Management. We offer a single point-of-service, with comprehensive knowledge of the “Why”, “What”, and “How” of Information Governance, including:
- California Consumer
- Data Breach
- Data Loss Prevention
- Data Privacy
- Data Protection
- Defensible Deletion
- Defensible Disposal
- Delete Information
- Destroy Information
- Disposition Schedule
- General Data Protection Regulation
- Litigation and Regulatory Responsiveness
- Personal(ly) Identifiable Information
- Personal Information
To learn more about how we can help you navigate these issues, contact us with the form below, or call: +1 (646) 893-1663
Matthew Bernstein has worked at the intersection of business and technology for more than twenty years, to transform organizations and to define, develop, and operationalize information management standards and solutions.
"*" indicates required fields