The seven deadly sins of data privacy
The Sileo Group
Technology is not the root cause of identity theft, data breach or cyber crime. We are.
Too often, we use technology as a scapegoat, thus providing a convenient excuse to sit apathetically in our executive offices, unwilling to face the enormous profit-sucking sound that is mass data theft. Like a flooded river, poor privacy leadership flows inexorably downhill from the CEO, until at last, it undermines the very banks in which it is contained.
Corporate boardrooms across America care about the loss of people's personal data about as much as Ford cared about recalling the Pinto when the cars began exploding on rear impact. It was cheaper to fight the lawsuits filed by the surviving relatives than to re-engineer the gas tank. And we delude ourselves that it's cheaper to take a tax write-off on data-loss line items than to stem the flow of sensitive information out of the corporation.
We continue to fail to see the connection between data breach and larger profit hits -- liability lawsuits, brand damage, customer flight, stock depreciation, loss of trust in the company and bad press. Just ask TJX, which has spent an estimated $500 million recovering from its data breach -- a breach that could have been prevented at a fraction of the cost.
In clearer terms, poor leadership (not technology) is the primary factor leading to data breach. We say that information is our most valuable asset, but we refuse to invest in a privacy strategy to protect that asset.
The seven deadly sins of data privacy
As I have traveled the country speaking on this topic, I've noticed that a majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy fabric. You have an opportunity to learn from their mistakes before they become yours. Begin by asking yourself whether you (as a leader) or your organization suffers from any of the seven deadly sins:
1. Apathy -- A disturbing lack of care for and attention to a crime you incorrectly believe will never seriously impact your bottom line. If you have never had a corporate-wide privacy education initiative, you are a prime candidate for this weakness.
2. Ignorance -- Many leaders refuse to admit that they don't know what they don't know. For example, do you know the value, location and confidentiality of your sensitive data? Do you know how it is protected, how long it is maintained and why you keep it in the first place?
3. Arrogance -- Some executives see themselves as champions of data privacy because they have a strong IT department, but fail to see that privacy doesn't exist in a silo. Does your organization tend to believe that data privacy is the realm of the IT department? If so, you are overlooking other critical functions (human resources, sales, intellectual property, legal compliance) that are touched by privacy concerns on a daily basis.
4. Greed -- The external profit pressures are so strong on most corporations that leadership can't see the forest for the trees. What percentage of your profits goes toward protecting your information assets? If you don't know, you are at risk.
5. Hypocrisy -- Many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
6. Paralysis -- Some companies and executives have difficulty breaking old habits and, by default, choose to perpetuate high-risk data practices. Do you collect certain private information simply because you always have? Have you ever re-evaluated your hiring policies to take corporate espionage, workplace identity theft and insider fraud into account?
7. Procrastination -- Even executives who care about, educate themselves on, admit to, have the budget to invest in, and personally practice data safety never get around to doing something about it at the corporate level. When you are finished with this article, how will your behavior change? Will you get to it later?