Corporate Compliance Insights

Achieving Regulatory Compliance Through PII Discovery

A 4-Step Response to Privacy Regulations

by Khushboo Suri
March 6, 2019
in Data Privacy, Featured

Regulations concerning the protection of personally identifiable information (PII) are gaining steam, and the penalties for compliance violations are immense. Khushboo Suri of Adlib Software discusses what companies can do to identify the PII in their data stores and sufficiently protect it.

A steady stream of new regulations, combined with a year-over-year increase in the number of customer records lost or stolen in data breaches, means that protecting personally identifiable information (PII) has never been more important for businesses across the globe. Accordingly, businesses need to move quickly to achieve regulatory compliance: begin PII discovery within their data stores and handle this sensitive information appropriately.

But when one considers that the vast majority of organizational data is unstructured, meaning it sits in documents, email, images and other files rather than in a database schema and therefore cannot be found with a simple query, many businesses can’t even begin to diagnose the scope of their risk, let alone take steps to fix it.

The Potential Risks Of PII

Across industries and sectors, unaddressed PII is a growing business risk, one that has been in the spotlight since the European Union’s sweeping consumer data protection rules, the General Data Protection Regulation (GDPR), became enforceable on May 25, 2018. GDPR allows regulators to impose fines of up to €20 million or 4 percent of global annual turnover, whichever is higher, for the most serious infringements, and not only for data breaches.

While businesses were given a fair amount of leeway to get their PII in order after the initial rollout of GDPR, fines are now starting to trickle in. The largest penalty to date is the €50 million fine that France’s data protection authority, the CNIL, imposed on Google for inadequately disclosing to users how their data was being gathered for personalized advertising. To date, this fine represents only the fourth penalty issued against any company since GDPR came into effect.

Though These Fines Are Steep, They Could Be Quite Widespread

According to Gartner, 40 percent of organizations are predicted to still be in violation of GDPR by 2020. And this isn’t the only law putting pressure on businesses to protect customer data. Starting in 2020, California will join the states and nations with new rules for handling and retaining PII when the California Consumer Privacy Act comes into effect.

Importantly, even if it weren’t increasingly mandated by law, it would still be in a business’s best interest to take steps to identify and contain sensitive data. According to the 2018 Cost of a Data Breach Study: Global Overview, the average cost of a data breach is $3.86 million, a 6.4 percent increase over the previous year. Increases in the average cost per lost record and in the size of data breaches were also reported. Hard numbers aside, consumer data breaches can also cause major reputational damage that can take years to overcome.

Mitigating the PII Risk

The annual data breach study also reported that companies’ ability to identify and contain a breach is a key factor in mitigating costs when a data breach does occur. The best way for companies to mitigate cost, though, is to work hard to reduce the risk of a breach – and of regulatory compliance fines – by implementing a PII discovery plan to identify all sources of PII within their data stores and applying enhanced security measures to that sensitive information.

The challenge is that you can’t protect data you don’t even know you have. Whether it’s paper documents, scanned pages stored as plain images with no searchable text layer, nested email threads or one of countless other sources, most businesses are sitting on a minefield of unstructured data laced with PII.

A 4-Step Plan to PII Discovery

How, then, can businesses begin to get a handle on the data encompassed by privacy regulations?

  1. Identifying the organization’s PII footprint, which is best done by conducting a PII audit.
  2. Categorizing and tagging files containing PII so that the organization can isolate PII and ensure it is stored, accessed and utilized according to regulations.
  3. Minimizing the organization’s PII footprint by deleting redundant information and redacting PII wherever possible.
  4. Lastly – and only once the full scope of organizational PII has been determined – taking the appropriate steps to cordon off PII and encrypt the data and/or employ other security measures.

Given the volume of data most organizations hold, carrying out these steps manually would be impractical, if not impossible. Instead, businesses should automate as much of the process as they can: digitize and scan paper documents, run optical character recognition (OCR) on scanned images so that their text can actually be searched, and convert everything to a unified format, ideally PDF, before analysis.
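As an added illustration of what steps 1 to 3 look like once automated, the Python below is example code written for this page; it is not from the article or from Adlib Software. It runs over a few constructed sample documents (assumed to be text already extracted or OCR’d from the original files), validates candidate matches so that look-alike strings such as an invoice number are not flagged, tags each file by the most sensitive category it contains, and produces a redacted copy. The detection patterns, category names, classification levels and sample paths are assumptions for the example; a production scanner would need broader, locale-aware patterns and would sit behind the OCR and format-conversion stage described above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample documents standing in for text already extracted (or OCR'd)
# from an unstructured content store. Paths, names and values are made up.
SAMPLE_DOCS = {
    "hr/onboarding_notes.txt": (
        "Contact j.doe@example.com, phone +44 20 7946 0958. "
        "Card 4539 1488 0343 6467 on file."
    ),
    "finance/q3_report.txt": (
        "Revenue grew 6.4% year over year; reference 4111 1111 1111 1112 "
        "is an invoice number, not a card."
    ),
    "support/ticket_8812.txt": (
        "Customer SSN 123-45-6789 provided for identity check. "
        "Reply to jdoe@example.org."
    ),
}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: drops digit runs that merely look like card numbers."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(value: str) -> bool:
    """Reject SSN-shaped strings the SSA never issues (area 000/666/9xx, zero group/serial)."""
    area, group, serial = value.split("-")
    return (area not in {"000", "666"} and not area.startswith("9")
            and group != "00" and serial != "0000")


# category -> (pattern, validator applied to the matched text); assumed patterns
PATTERNS = {
    "EMAIL": (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), lambda s: True),
    "CARD": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), lambda s: luhn_valid(re.sub(r"\D", "", s))),
    "SSN": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_plausible),
    "PHONE": (re.compile(r"\+\d{1,3}(?:[ -]?\d){7,12}\b"), lambda s: True),
}


@dataclass(frozen=True)
class Finding:
    path: str
    category: str
    start: int
    end: int
    value: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Step 1: locate every validated PII occurrence in one document."""
    findings = []
    for category, (pattern, validate) in PATTERNS.items():
        for m in pattern.finditer(text):
            if validate(m.group(0)):
                findings.append(Finding(path, category, m.start(), m.end(), m.group(0)))
    return sorted(findings, key=lambda f: f.start)


def classify(findings: list[Finding]) -> str:
    """Step 2: tag the document by the most sensitive category it holds (assumed levels)."""
    categories = {f.category for f in findings}
    if categories & {"CARD", "SSN"}:
        return "restricted"
    if categories:
        return "confidential"
    return "no-pii"


def redact(text: str, findings: list[Finding]) -> str:
    """Step 3: replace each occurrence with a category marker, last span first so offsets stay valid."""
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        text = text[:f.start] + f"[REDACTED:{f.category}]" + text[f.end:]
    return text


def audit(docs: dict[str, str]) -> dict[str, dict]:
    """Run the discovery pass and return an inventory keyed by document path."""
    inventory = {}
    for path, text in docs.items():
        findings = scan_text(path, text)
        inventory[path] = {
            "classification": classify(findings),
            "counts": Counter(f.category for f in findings),
            "redacted": redact(text, findings),
        }
    return inventory


if __name__ == "__main__":
    for path, entry in audit(SAMPLE_DOCS).items():
        print(f"{path}: {entry['classification']} {dict(entry['counts'])}")
        print("   ", entry["redacted"])
```

The validators are the part worth copying: a bare regex for 16-digit runs would flag the invoice-style number in the finance document, while the Luhn check lets it through untouched, which keeps the inventory (and the redaction) from quietly damaging business records. The inventory returned by audit() is what step 4 would consume when deciding which files to encrypt or move behind tighter access controls.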

Preventing PII Issues

The proliferation of PII is a massive business risk for organizations – both in terms of regulation and reputation. With GDPR penalties rolling in and the enactment of additional regional regulations on the horizon, it’s critical for organizations to immediately identify any PII within their content stores. Following this stage of PII discovery, businesses can then apply the appropriate privacy and security measures to protect their sensitive content. Not only will this strategy for PII discovery prevent costly regulatory compliance infractions, it could also prevent a business from becoming headline news in the next data breach.


Tags: CCPA/California Consumer Privacy Act, data breach, GDPR, PII, reputation risk

Khushboo Suri

Khushboo Suri is a Business Development Executive for Adlib Software, based out of the U.K. She works with organizations in the energy, life sciences, insurance and banking sectors to help them enhance content-centric processes by unlocking the value in unstructured content. Connect with Khushboo on LinkedIn to chat about what Adlib can do for your business.

© 2019 Corporate Compliance Insights