Gartner: Most IT Organizations Store Personal Data They Don’t Own or Control
The growing worldwide security technology and services market will play a crucial role in creating privacy programs and securing personal data, but so will managed services providers (MSPs). Going forward, most organizations will keep personal data on IT systems they don’t own or control, according to a recent Gartner, Inc. (IT) report. MSPs, then, will be the direct link between customers and Big Brother. Become a helping hand, not an iron fist, with these strategic steps.
Gartner predicted that by 2019, 90 percent of organizations will have personal data on IT systems that they don’t own or control. To assist with this issue, Gartner suggested that organizations develop privacy programs to keep personal data at “arm’s length, but under control” as a way of protecting it from potential security vulnerabilities. Gartner goes as far to recommend that organizations get out of the business of managing personal data by outsourcing to specialized service providers.
“The time has come to create an exit strategy for the management of personal data,” Gartner Research Vice President Carsten Casper said in a prepared statement. “Strategic planning leaders will want to move away from storing and processing personal data in the next five years.”
As leaders shift away from managing data, there are steps to consider for such a strategy approach:
- Decide what is personal and what is not — One type of data relates to human beings and the other does not. Make a clear distinction between the two data sets;
- Fence personal data — Identify personal data and protect it. Encryption is the most widely used protective control;
- Favor purpose-built over general-purpose applications — Do not combine personal data with other data — it creates risk. Analyze data before making a decision on its protection status;
- Adhere to privacy standards — Compliance can be costly, but it simplifies control frameworks, audits and information exchange, especially in scenarios where many players and stakeholders are involved; and
- Logical location — Confusion arises between physical and legal location, so go with logical location, a more pragmatic approach. Always figure out who can see and access the data.
Gartner recently predicted that the worldwide security technology and services market is expected to reach $67.2 billion in 2013, up 8.7 percent from $61.8 billion in 2012