How to successfully manage ungoverned data for risk mitigation

By Dean Gonsowski, Esq.

Dean Gonsowski (dean.gonsowski@activenav.com) is the Chief Revenue Officer at ActiveNav, located in the Washington, DC, metro area.

Are we currently experiencing a data explosion, as many pundits claim? If the general volume of data is truly exploding, it is the longest and continuous explosion that we have ever seen. While organizations are struggling to control this data proliferation, they’re also facing increased regulatory compliance issues, ranging from state-based privacy initiatives like the California Privacy Rights Act to New York’s cybersecurity regulation, to even more novel regimes like Illinois’s new biometric rules. In concert, headlong data and regulatory growth means an even larger burden for regulated entities in the healthcare, financial services, and energy sectors.

“Unstructured” data can comprise as much as 90% of a company’s data environment.[1] Unstructured data is data that doesn’t fit into predefined data models and is therefore inherently full of risk because it’s hard to search, analyze, and control. No one knows what’s hiding in this dark data, which is often created by users and usually includes sensitive information that hackers look for, such as personal identifiable information (PII), Social Security numbers, and credit card information.

Simultaneously, the looming threat of data breaches continues to grow. Alarmingly, in 2020, despite huge investments in cybersecurity technologies, the number of compromised records was the highest on record.[2] On average, the cost per record breached was $146. That cost went up to $150 if the record contained PII, which is still the most compromised type of record, with PII being breached in 80% of cases.[3] Healthcare has been hit especially hard with compliance concerns during the pandemic. Today, healthcare data records are almost 50 times more valuable[4]  than the next highest-value record, and the average cost of a data breach for healthcare institutions stands at $7.13 million—the most expensive of any sector.[5]

Cybersecurity alone is insufficient

Companies have been and continue to invest heavily in cybersecurity technologies like endpoint protection, identity and access management, and third-party risk management to improve their security posture—as they should. Despite these prophylactic measures, data breaches continue to occur at an alarming rate, even at some of the most sophisticated companies in the world. Certain sectors are being targeted at an even higher rate than average entities. For example, more than one in three healthcare organizations globally reported being hit by ransomware in 2020, with this sector experiencing a 45% uptick just since November 2020, according to Health IT Security.[6]

Information governance can complement cybersecurity efforts to help better manage information prior to and when the inevitable occurs. Information governance is the suite of activities and technologies that organizations can employ to maximize the value of their information, while minimizing associated risks and costs. When done effectively, information governance reduces the amount of data under management and provides visibility into what data was breached if it occurs—or, rather, when it occurs.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings