No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Preventing “The Great Spreadsheet Escape:” Lessons from BlackRock’s Data Leak

It Could Have Been Worse. It Also Could Have Been Prevented.

by Diane Robinette
March 20, 2019
in Data Privacy, Featured
illustration of leaky faucet in blue

In January, BlackRock accidentally leaked confidential sales data by posting spreadsheets unsecurely online – certainly not the first time we’ve seen sensitive information “escape” an organization. Incisive CEO Diane Robinette provides guidance companies can follow to minimize spreadsheet risk.

Several weeks ago, the world’s largest asset manager, BlackRock, accidentally posted a link to spreadsheets containing confidential information about thousands of the firm’s financial advisor clients. As reported by Bloomberg News, the link was inadvertently posted on the company’s web pages dedicated to BlackRock’s iShares exchange-traded funds. Included in these spreadsheets was a categorized list of advisors broken into groups identified as “dabblers” and “power users.”

While BlackRock was lucky in the fact that there was no financial information included on these spreadsheets, they are still left to deal with reputational damage. For the rest of us, this breach brings an important issue — spreadsheet risk management — back into the spotlight.

Despite years of rumors predicting the demise of spreadsheets, they are still widely used by businesses of every size. And why shouldn’t they be? Beyond providing an easy way to categorize clients and business partners, spreadsheets continue to meet the analytical needs of finance and business executives. They are especially useful for analyzing and providing evidentiary support for decision-making and for complex calculations where data is continuously changing. Yet, as we’ve seen time and time again, spreadsheets represent continued exposure to risk.

Accidentally clicking on the wrong spreadsheet is an easy mistake to make, especially when all documents are stored and treated equally. For example, it may seem obvious that a confidential spreadsheet should not sit alongside a football or Oscars pool spreadsheet, yet sometimes they do. When this happens, in a rush, it’s easy to click on the wrong spreadsheet and hit “send” or “post” before realizing the error. Putting policies in place that dictate such things as where confidential spreadsheets are stored is a good start. However, policies and procedures alone are simply not enough. Technology that enforces these policies and limits spreadsheet access to only authorized users is critical to stopping spreadsheets from escaping.

In an effort to gain control over spreadsheet risks, it’s not uncommon for companies to focus on change management. And while there is great value in the ability to track who changed what, when they changed it, etc., change management alone is also not enough.

It’s essential to put controls around spreadsheets that allow policies to be set and enforced and to dictate such things as who can access a spreadsheet or whether a spreadsheet can be saved outside the system. Spreadsheet risk management technology cannot entirely prevent scenarios like the BlackRock one from happening (yet). However, the ability to house critical spreadsheets in a controlled environment, along with policies and procedures, can limit these situations from happening.

Human error is always a liability. And while technology alone isn’t the answer, the right technology will provide the visibility and transparency to ensure you’re doing the right things. Implementing controls to manage the risks associated with business-critical spreadsheets will help keep companies from becoming the subject of embarrassing or devastating headlines.


Tags: Data GovernanceReputation Risk
Previous Post

Proposed Privacy Legislation Grows at the State Level

Next Post

Deloitte Report: 94 Percent of Boards Surveyed Aim to Increase Diversity, Industry-Specific Experience Tops Board Recruitment Priorities

Diane Robinette

Diane Robinette

June 15 - Diane Robinette headshotDiane Robinette is president and CEO of Incisive Software, a provider of innovative risk intelligence spreadsheet management solutions. She has more than 20 years of experience in strategic planning, marketing, product management, business operations and management. Diane has worked in companies from startups to large enterprises in various industries including high-tech, aerospace and defense, telecommunications, financial services and transportation.

Related Posts

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

red flag warnings

Fostering Risk Transparency in the Organization

by Jim DeLoach
November 9, 2022

Serious risks to your company’s financial and reputational health probably aren’t going to walk up and introduce themselves. Protiviti’s Jim...

Next Post
racially diverse hands raised on yellow background

Deloitte Report: 94 Percent of Boards Surveyed Aim to Increase Diversity, Industry-Specific Experience Tops Board Recruitment Priorities

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT