No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Instead of Crying Over Spilled Data, Shore up Your Governance Practices

As nearly 3 in 4 CISOs say they’ve had a data leak or spillage, consider what you’re collecting and how you’re storing it

by Rich Hale
October 12, 2022
in Cybersecurity, Data Privacy
data spillage

The reputational damage and compliance failures that result from a data spillage incident are well-known, and as the volume of information companies collect continues to rise, those risks are only going to increase. ActiveNav’s Rich Hale offers simple advice that can help CISOs prevent (rather than clean up) a costly data spill.

When you hear the word “spillage,” most likely, nothing good springs to mind. And when it comes to one of a company’s most valuable assets — the sensitive customer data it processes, collects and manages on a continuous basis — spillage is not a word you want to see flash across your screen.

A recent survey by Microsoft found that 73% of chief information security officers (CISOs) indicated that their organization encountered leaks of sensitive data and data spillage within the past year. And as we’ve come to appreciate, the cost of a data leak extends far beyond the bottom line — from the actual cost of dealing with the leak or fines resulting from compliance failures, to the untold reputational damage a data spill can wreak on your brand.

Unlike a data breach, which is typically the intentional result of a threat actor, a data spillage event is all too often the byproduct of a seemingly innocuous mishap — a misconfigured AWS cloud bucket or in the case of one of the largest data breaches in U.S. history, an expired Apache certificate.

The National Institute of Standards and Technology defines data spillage as a security incident that results in “the transfer of classified information onto an information system not authorized to store or process that information.” 

Research has shown that in the vast majority of cases, most data spills are the result of human error, be it an employee clicking on a phishing email, a keystroke error or a bug that causes an application to inadvertently retrieve more data than it was supposed to. Gartner estimates that through 2025, 99% of cloud security failures will be traced back to preventable misconfigurations or an employee’s mistake. They’re easy errors to make, especially as more employees are logging in from remote locations.

The risk of data spillage has only grown more acute (and the consequences more dire), as the way we work has fundamentally evolved due to the global pandemic and the broad adoption of the work from anywhere movement, which, while a boon for employee morale, continues to present a host of new challenges to resource-strapped IT departments.

As Benjamin Franklin once famously quipped, “an ounce of prevention is worth a pound of cure.” The more time you can invest upfront in keeping your sensitive data secure, the less likely you’ll be sitting for a lengthy deposition with your legal team down the road.

Create a data map to gain visibility

As the age-old business trope goes, you can’t manage what you can’t see. And perhaps nowhere is that more clear than when it comes to how companies go about managing their sprawling data estate. Because most enterprise organizations store data across operating environments — from their own on-premises data centers to a rotating mix of public and private cloud — they often don’t have any real idea as to where all their data resides at any single point in time. 

That’s why a good first step is to build a data map to get critical visibility into both your structured and unstructured data, whether you use the traditional route of spreadsheets and stakeholder meetings or opt for a technology-aided solution. 

Don’t be a data hoarder

Because the public cloud has made it so cheap and easy to store an unlimited amount of data, it’s created a dangerous hoarder mindset that data never needs to be erased because after all, who knows when we might need it? 

Instead take a cue from Marie Kondo, who tapped into the cultural zeitgeist by challenging people to consider the belongings in their home and to ask themselves whether a particular item sparks joy. In a similar fashion, good data governance begins by reducing your data stores to essentials and nothing more. For all the potential value that data holds, archived data also represents a minefield of potential risk and liability that can be best avoided by not putting it in the direct sights of a threat actor or a careless employee.

Whenever possible, encrypt your data

According to the 2021 Verizon Data Breach & Incident Report, 94% of all malware is delivered by email, demonstrating once again why humans will always be considered the weakest link in the security chain. Because most network incursions are the result of an authorized user willfully handing over their secure credentials — or worse still, an aggrieved employee with an ax to grind — ensuring that sensitive data repositories are being encrypted is an essential safeguard that should not be underestimated. 

Invest in data governance automation

Data volumes will continue to grow at exponential rates and are now measured in petabytes and zettabytes. Beyond the mass quantity of data being produced on a daily basis, we are now also creating new types of data that need to be monitored and protected, be they text messages, video files or collaboration messages. That’s why an automated data governance platform, which can proactively monitor the quality and compliance of your data, enforce retention policies and address legal and regulatory requirements, has become table stakes for high-performing data security teams. 

Plan for the best, prepare for the worst

As history has shown us time again, even the best-laid plans can go awry. That’s why even the most well-funded security teams have a vetted incident response action plan at the ready. But it’s not enough to just develop a playbook and wait for something to happen. As anyone who has lived through the experience of a leak knows, it’s essential that your team has dedicated time to running through all the procedures to ensure that everyone understands their roles and responsibilities inside and out. Tabletop exercises are another good way to make sure everyone’s on the same page and knows what to do.


Tags: Cloud ComplianceData BreachData Governance
Previous Post

Win-Lose Situation: No Matter Outcome of Brazilian Presidential Election, Corruption Wins (and Everyone Else Loses)

Next Post

Global Screening Services Spins off From AlixPartners as Standalone RegTech Provider

Rich Hale

Rich Hale

Rich Hale is the chief technology officer of ActiveNav, where he focuses on developing file analysis software. Rich spent 16 years as a Royal Air Force engineer officer deployed around the world. His career in the Royal Air Force not only spanned over a decade but also numerous countries including the U.S., Saudi Arabia, Kuwait and Canada. He is a product and information evangelist, with experience won through many years’ developing information governance programs in enterprise and government agencies.

Related Posts

data privacy leader concept

Who’s Minding Your Data? The Case for Dedicated Privacy Leadership

by Daniel Barber
June 16, 2025

As state privacy laws multiply and AI introduces new vulnerabilities, the question isn't whether you need dedicated privacy expertise —...

abstract obscured data colorful

NIST’s Differential Privacy Guidelines: 6 Critical Areas for Secure Implementation

by Michelle Drolet
June 16, 2025

Standard de-identification methods remain vulnerable to sophisticated attacks, but differential privacy offers mathematical guarantees that scale with emerging threats

new york and us flags

New York Tightens the Breach Clock: 30 Days to Notify

by Melissa Crespo and Reiley Porter
May 12, 2025

State joins growing national trend toward broader personal information definitions and stricter notification timelines for data compromises

doj building sign with flags

‘Reasonable Steps’: What the DOJ Expects From Your Bulk Data Transfer Compliance Program

by Alexandra P. Moylan, Alisa L. Chestler and Michael J. Halaiko
May 5, 2025

Sample provisions offer blueprint for compliant data brokerage with foreign entities

Next Post
Global Screening Services Spins off From AlixPartners as Standalone RegTech Provider

Global Screening Services Spins off From AlixPartners as Standalone RegTech Provider

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights