Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • Storage

    Data Breaches Force Enterprises to Revise Privacy Policies: Gartner

    By
    Fahmida Y. Rashid
    -
    August 8, 2011
    Share
    Facebook
    Twitter
    Linkedin

      As a result of recent high-profile data breaches and various changes in technology, organizations are expected to revise privacy policies by the end of next year, Gartner researchers predict.

      As cloud computing and location-based services proliferate, organizations are grappling with the privacy implications of having data reside outside corporate control, Gartner said in its latest report released Aug. 8.

      The steady string of data breaches that have hit practically every industry sector and organizations of all sizes, and changes in compliance regulations will also force organizations to review and revise their current privacy policies before the end of 2012, Gartner analysts said.

      New threats to personal data and privacy emerged in 2010, but budgets for implementing privacy protection remained low, wrote Carsten Casper, research director at Gartner. Casper expects the budget crisis to continue throughout 2011 and 2012, with privacy programs “chronically underfunded.”

      More than half of companies will tweak the policies they already have to bring them up-to-date with new technologies and computing models, Gartner said. Data breaches ranked high on the priority list because they affect so many aspects of the business. But preparing for and following up on breaches was “straightforward,” and privacy officials should not be spending more than 10 percent of their time dealing with data breaches, according to Gartner.

      “Most controls exist anyway if security management is working properly,” according to Gartner.

      Regardless of what Gartner suggests, organizations are spending a lot of time resolving data breaches. Sony spent nearly a month rebuilding the PlayStation Network after a massive attack compromised user accounts in April. Sony will spend more months and years dealing with lawsuits from customers claiming damages as a result of the data breaches.

      A recent Ponemon Institute and HP Arcsight report found that the average time to resolve a cyber-attack was 18 days, and that a malicious insider attack could take more than 45 days on average to contain.

      Recommendations to Protect Data From Breaches

      Gartner made some specific recommendations to protect data from breaches, such as compartmentalizing personal information and restricting access to only the smallest number of users, and keeping track of who has privileges to view the data. Data should be encrypted when being transmitted across public networks and stored on portable devices and on other forms of storage, Gartner said. The report also recommended using data-loss-prevention tools, tokenization, data-masking and privacy-management tools.

      Depending on the nature of the business, privacy officers will focus 5 to 25 percent of their time on location services, Gartner said. While not every organization processes geo-location data from GPSes, the nearest cell tower, nearby wireless access points, smart meter identifiers and IP addresses, organizations need to be well versed in ways to avoid a potential “privacy scandal,” such as a smartphone application storing more location information than necessary, Gartner said.

      Many organizations are currently compiling “vast” amounts of data without a “clear plan of what to do with it,” Gartner said, noting the practice violates a fundamental privacy principle of “collect information only for the purpose for which you need it.”

      Gartner also claimed cloud computing and privacy are “innately at odds” because the laws that apply to the specific country in which the organization is headquartered doesn’t apply to data residing on public clouds because it doesn’t reside in any one particular country. Even so, privacy compliance does not require that data has to stay within the country, as organizations should focus on the location of the cloud provider, not of its data centers.

      “Most privacy laws have some flexibility, guidance is evolving slowly, and in many cases, there are legally acceptable solutions,” Gartner said. Privacy officials should support IT’s cloud and offshore initiatives while implementing “maximum privacy protection” for customers and employees. Gartner estimated that privacy in the cloud would consume 20 to 30 percent of the officer’s time.

      Organizations need to find the balance between “not enough” protection and “too much” protection, Gartner said. Privacy officials should not look at legal requirements as “they trail technical innovation and cultural change by several years,” according to Gartner. There should be a process to identify stakeholders for personal information, gather requirements, influence how the requirements are implemented and make adjustments when necessary. With the process in place, the execution should not take up more than 10 percent of the privacy official’s time.

      Finally, regulatory changes should not “distract” privacy officials, Gartner said, because most regulatory changes have only a “mid- to long-term effect.” Monitoring for changes and adjusting existing processes “are important tasks,” but should not consume more than 5 to 10 percent of the officer’s time, Gartner said.

      The remaining 15 to 20 percent of the privacy officer’s time should be spent executing the privacy program, revising policies, following up on incidents and managing relations, Casper said.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×