Reports suggest that the European Commission is planning to impose fines of up to five per cent of global turnover on errant companies losing private data, so I advise major corporates to invest in the necessary data defences before it is too late.
The changes to EU data protection legislation – which will reportedly be announced tomorrow – are long overdue. We’re already seeing the UK regulator, the ICO, imposing its first major fines on public sector bodies, so it’s clear there is a wind of change in the air.
And with penalties of five per cent of global turnover, rather like serious motoring offences, the advice has to be to shape up or face the consequences.
Because they are based on turnover, these penalties have the capacity to wipe out a corporate’s global profits for the year, and that makes data protection a top boardroom topic, if it was not one before.
It is increasingly clear to all organisations that the biggest risk surrounding data does not come from hackers directly compromising customer and employee files, but from overly permissive access, lack of access auditing, lack of context, and lack of automation for the volumes of unstructured data that slosh around company archives.
Research from Forrester and other analysis houses shows that as much as three quarters of data in large enterprises is unstructured and that, because of the volume, the lack of native auditing and the lack of automated analysis, auditing this data – as required under current governance rules – is far more difficult for the IT security staff concerned.
That doesn’t mean it is impossible. It just means that corporates have to invest in the necessary data protection and analytical technologies capable of auditing – down to the last file – who does what, when and where with the firm’s data.
And with unstructured archival data being measured in terabyte and petabyte file sizes, this is where many data security systems are pushed beyond their normal limits. But with penalties of up to five per cent of global turnover, I predict you will see major enterprises investing in the required technology.
I’ve been banging the drum on the need for unstructured data management and protection for many years, so it’s good to see the European Commission supporting us in tackling this very real data security problem – at long last.