It has been found that many organisations are not doing all they can to protect data privacy with there being a lack of transparency in how businesses store personal data, according to PwC’s 2018 Global State of Information Security Survey (GSISS). It was found only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. When it comes to third parties who handle personal data of customers and employees, less than half (46%) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46%) say their organisation requires third parties to comply with their privacy policies.
This certainly does not make for good reading, especially with GDPR around the corner, IT security experts commented below.
Paul Edon, Director at Tripwire:
Javvad Malik, Security Advocate at AlienVault:
The PwC survey suggests that roughly only half of respondents have an accurate inventory of where personal data is collected, transmitted, and stored. Without an accurate and up to date inventory, it is near impossible to have confidence that privacy controls that have been implemented are effective.
Once an inventory is collated, then companies can undertake risk assessments, and evaluate the effectiveness of controls with any degree of confidence.”