By Bill Schiefelbein, senior vice president, e-discovery consulting for Conduent
If the Internet and social media have not already killed privacy, Big Data and the Internet of Things (IoT) are likely to finish the job. As 91 percent of American consumers agreed in a recent Pew Research Center survey, personal data is no longer personal: these respondents “agreed” or “strongly agreed” that they have lost control over how their personal information is collected and used. Organizations should worry about their ability to control this data as well. The greater the number of Internet connections they must contend with, the greater the likelihood of a breach that compromises the personal information of their employees and customers.
Organizations have only recently begun to address the risks of using the cloud to store data, and their increasing reliance on BYOD. But now, more than 25 billion Internet-connected devices in use worldwide, such as fitness trackers, navigation systems, and smart home appliances, have changed the game yet again, allowing organizations to collect, share, and analyze even more personal data in novel ways. A study conducted last year revealed that 70 percent of Internet-connected devices are vulnerable to attack, with the 10 most popular IoT devices averaging a whopping 25 vulnerabilities per device. Any insecure connection to these devices can compromise the confidential or proprietary information they hold as well as potentially other data stored on the organization’s network.
Balancing the benefits of this data for businesses, such as improving sales, targeting marketing efforts, and enhancing product development, against the risks of privacy and security breaches is difficult. This data carries immeasurable value for the organizations that collect it. However, that value may be outweighed by the staggering expenses that could accrue when organizations fail to protect personal data, including the costs of regulatory penalties, legal fees, forensic examinations, and the implementation of crisis responses, not to mention the business losses and reputational damage likely to follow.
On February 5, join us as we sponsor “Protecting Employee and Customer Privacy in the Era of ‘Big Data’ Monitoring,” a session at LegalTech New York that will explore current privacy laws and discuss the ways organizations monitor us, collect our personal information, and use and share that data. Our panelists will also suggest best practices for legal departments to follow as they construct privacy, computer, and network policies and security controls. Although there is no one-size-fits-all solution that can safeguard personal data, organizations can limit their exposure by taking concrete steps to manage these security issues now.