Employees, Outside Vendors Threaten Corporate Data

    Oct 27, 2015

    A global survey of corporate privacy professionals identifies employees and vendors as two huge sources of risk that corporations are failing to manage properly.

    Conducted by Bloomberg Law and the International Association of Privacy Professionals (IAPP), the survey, "Assessing and Mitigating Privacy Risk Starts at the Top," reveals key threats to a company’s data security as well as highlights the importance of corporate buy-in to mitigating the risk of a data breach.

    While 55% of respondents said they consider their corporation’s performance relating to privacy and risk as excellent or almost excellent, they were less confident in how organizations specifically addressed some of the most critical privacy issues, according to the survey. Only 35% rated their company’s employee monitoring program excellent, and only 30% gave the same rating to their vendor management program.

    While frequently the risk of the insider is attributed to disgruntled employees, the findings of the survey point to lack of education as a much bigger cause. If employees are not correctly educated in their responsibilities, it can be easy for them to mishandle private data, increasing the risk it may be compromised.

    David Perla, president of Bloomberg Law, said, “One thing that jumped out at me is the sense of insecurity that organizations have about their employees being properly trained. The risk is not so much one of intentional insider threat as it is that people are not aware of their own ability to impact and protect data, as a result of their lapse in training.”

    “There are accidental breaches; there can be inadvertent issues with how data gets transferred to vendors that may cause different issues,” added Brian Kudowitz, Bloomberg Law’s commercial product director for privacy & data security. “If you have a base of employees from top to bottom who don’t understand any of this, it’s not going to be just about breach responses – you’re going to create problems for HR, and other normal business operations like communications and vendor selection as well.”

    Survey participants identified the support of corporate leadership as the most important factor in reducing the risk of a data breach, with 89% considering it “important” or “very important.” Kudowitz told Legaltech News that buy-in is the “glue that holds everything together.”

    The survey results are based on the responses of 347 corporate privacy professionals, including nearly 250 based in the United States. The full study, titled "Assessing and Mitigating Privacy Risk Starts at the Top," can be accessed here.   

    ARMA International’s newest technical report, Secure Management of Private Information (TR28-2015), is aimed at helping records and information management and information governance professionals address such privacy concerns.


  • Legal Tech
  • Reuters

    © 2017, ARMA International