Corporate Compliance Insights

Achieving Regulatory Compliance Through PII Discovery

A 4-Step Response to Privacy Regulations

by Khushboo Suri
March 6, 2019
in Data Privacy, Featured

Regulations concerning the protection of personally identifiable information (PII) are gaining steam, and the penalties for compliance violations are immense. Khushboo Suri of Adlib Software discusses what companies can do to identify the PII in their data stores and sufficiently protect it.

A steady stream of new regulations, combined with a year-over-year increase in the number of customer records lost or stolen in data breaches, means that protecting personally identifiable information (PII) has never been as important as it is now for businesses across the globe. Accordingly, the onus is on businesses to achieve regulatory compliance by taking swift steps to initiate PII discovery within their data stores and handle this sensitive information appropriately.

But when one considers that the vast majority of organizational data is unstructured – meaning it is disorganized and not easily searchable – many businesses can’t even begin to diagnose the scope of their risk, let alone take steps to fix it.

The Potential Risks Of PII

Across industries and sectors, unaddressed PII is a growing business risk, one that’s been in the spotlight since the European Union introduced sweeping regulations to protect consumer data on May 25, 2018. Known as the General Data Protection Regulation (GDPR), the law enables regulators to apply fines of up to 4 percent of global revenue for breaches.

While businesses were given a fair amount of leeway to get their PII in order after the initial rollout of GDPR, fines are now starting to trickle in. The largest penalty to date has seen Google slapped with a fine of €50 million for inadequately disclosing to users how their data was being gathered for more personalized advertising. To date, this fine represents only the fourth penalty issued against any company since GDPR came into effect.

Though These Fines Are Steep, They Could Be Quite Widespread

According to Gartner, 40 percent of organizations are predicted to still be in violation of GDPR by 2020. And this isn’t the only law putting pressure on businesses to protect customer data. Starting in 2020, California will join the states and nations with new rules for handling and retaining PII when the California Consumer Privacy Act comes into effect.

Importantly, even if it weren’t increasingly mandated by law, it would still be in a business’s best interest to take steps to identify and contain sensitive data. According to the 2018 Cost of Data Breach Study: Global Overview, the average cost of a data breach is $3.86 million, a 6.4 percent increase over the previous year. Increases in the average cost-per-record loss and size of data breaches were also reported. Hard numbers aside, consumer data breaches can also cause major reputational damage that can take years to overcome.

Mitigating the PII Risk

The annual data breach study also reported that companies’ ability to identify and contain a breach is a key factor in mitigating costs when a data breach does occur. The best way for companies to mitigate cost, though, is to work hard to reduce the risk of a breach – and of regulatory compliance fines – by implementing a PII discovery plan to identify all sources of PII within their data stores and applying enhanced security measures to that sensitive information.

The challenge is that you can’t protect data you don’t even know you have. Whether it’s paper documents, text that has been scanned into simple image format, nested email threads or one of countless other sources, most businesses are sitting on a minefield of unstructured PII and data.

A 4-Step Plan to PII Discovery

How, then, can businesses begin to get a handle on the data encompassed by privacy regulations?

  1. Identifying the organization’s PII footprint, which is best done by conducting a PII audit.
  2. Categorizing and tagging files containing PII so that the organization can isolate PII and ensure it is stored, accessed and utilized according to regulations.
  3. Minimizing the organization’s PII footprint by deleting redundant information and redacting PII wherever possible.
  4. Lastly – and only once the full scope of organizational PII has been determined – taking the appropriate steps to cordon off PII and encrypt the data and/or employ other security measures.

Given the high volume of data in most organizations’ possession, implementing these steps on a manual basis would be restrictive, if not impossible. Instead, businesses should seek to automate the process as much as possible, using technology to digitize and scan documents, converting them to a unified format – ideally PDF – before analysis.
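
As an added illustration (not code from the author or from Adlib), here is a minimal automated pass over steps 1 to 3 of the plan: it audits already-extracted text for PII, tags each file, flags redundant copies and redacts the matches. The file names, sample text and the three detectors (email, U.S. Social Security number, payment card) are constructed assumptions; step 4, encryption and access control, is out of scope here.

```python
import hashlib
import re

# Constructed sample store: path -> text already extracted from the document (e.g. after OCR).
DOCS = {
    "hr/onboarding.txt": "New hire Jane Roe, SSN 123-45-6789, email jane.roe@example.com",
    "hr/onboarding_copy.txt": "New hire Jane Roe, SSN 123-45-6789, email jane.roe@example.com",
    "sales/invoice.txt": "Paid with card 4111 1111 1111 1111 on 2019-03-01",
    "eng/readme.txt": "Build 1234 5678 9012 3456 passed; no customer data here",
}

# Illustrative detectors only; a real audit needs patterns for every PII type in scope.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

def luhn_ok(candidate):
    """Checksum test that filters out digit runs that are not payment card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    doubled = [d * 2 - 9 if d * 2 > 9 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def find_pii(text):
    """Step 1: return (tag, start, end) for every PII match in one document."""
    hits = []
    for tag, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if tag != "card" or luhn_ok(m.group()):
                hits.append((tag, m.start(), m.end()))
    return hits

def redact(text):
    """Step 3: replace each match, working right to left so offsets stay valid."""
    for tag, start, end in sorted(find_pii(text), key=lambda h: h[1], reverse=True):
        text = text[:start] + f"[{tag.upper()} REDACTED]" + text[end:]
    return text

def discover(docs):
    """Steps 1-3: tag each file and flag identical copies of PII-bearing files."""
    first_seen, report = {}, {}
    for path in sorted(docs):
        tags = sorted({tag for tag, _, _ in find_pii(docs[path])})
        digest = hashlib.sha256(docs[path].encode()).hexdigest()
        report[path] = {"tags": tags, "duplicate_of": first_seen.get(digest) if tags else None}
        if tags:
            first_seen.setdefault(digest, path)
    return report
```

The 16-digit build number in the constructed readme fails the Luhn checksum and is left untagged, which is the kind of false positive a pattern-only scan would otherwise report as card data.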

Preventing PII Issues

The proliferation of PII is a massive business risk for organizations – both in terms of regulation and reputation. With GDPR penalties rolling in and the enactment of additional regional regulations on the horizon, it’s critical for organizations to immediately identify any PII within their content stores. Following this stage of PII discovery, businesses can then apply the appropriate privacy and security measures to protect their sensitive content. Not only will this strategy for PII discovery prevent costly regulatory compliance infractions, it could also prevent a business from becoming headline news in the next data breach.


Tags: California Consumer Privacy Act (CCPA), Data Breach, GDPR, Personally Identifiable Information (PII), Reputation Risk
Khushboo Suri

Khushboo Suri is a Business Development Executive for Adlib Software, based out of the U.K. She works with organizations in the energy, life sciences, insurance and banking sectors to help them enhance content-centric processes by unlocking the value in unstructured content. Connect with Khushboo on LinkedIn to chat about what Adlib can do for your business.
