Inside Jobs and Outside Vendors Among Biggest Threats to Corporate Data Security, Survey Reveals


Corporations seeking to avoid costly data breaches might want to worry less about foreign hackers and more about the new employee in accounting. That’s one of several instructive takeaways from a comprehensive global survey of corporate privacy professionals that identifies employees and vendors as two sources of risk that corporations are failing to manage properly.

“We’ve all seen the damage that data breaches can inflict on corporations,” said David Perla, President of Bloomberg Law, which commissioned the survey from the International Association of Privacy Professionals (IAPP). “It’s time to go beyond the headlines to understand privacy issues at a deeper level, and the revelatory findings in this survey are a step in that direction.”

Coinciding with the survey, Bloomberg Law today launched a new, innovative tool — Bloomberg Law: Privacy & Data Security — for attorneys, in-house counsel, and compliance professionals whose work touches on this area of exponential growth and concern.

“It’s a data-driven world, and this important survey data demonstrates how privacy professionals actually perceive and handle risk in the real world,” said J. Trevor Hughes, President and CEO of IAPP.

Survey participants identified “buy-in” from corporate leadership as the most important factor in mitigating the risk of a data breach, with 89% considering it “important” or “very important.” While respondents rated their employers’ performance relatively strongly in that regard (55% considered it excellent or almost excellent), they issued considerably lower scores for their employers’ performance on two other significant sources of risk: employee monitoring (35%) and vendor management (30%).

When asked who within their organizations were responsible for evaluating privacy risk, respondents identified general counsel more frequently than any other individual. This was even truer in the United States (where 61% said that general counsel were involved in privacy risk evaluation) than outside the United States (43%). One of the survey report takeaways suggests that the difference may be due to the fact that “compliance is more difficult to discern in the U.S., where there may not be any specific law governing how data can be used.”

Bloomberg Law: Privacy & Data Security features a number of time-saving practice tools, including “chart builders” that assist counsel in comparing laws on breach notification, medical privacy, and other issues across jurisdictions. In addition to statutes, case law, regulations, agency guidance, and a news “heat map,” it also contains practical documents and forms for practitioners as well as detailed information on upcoming legislative enactments in the U.S. Congress, state legislatures, and in foreign countries. Practitioners can keep abreast of global privacy laws, regulations, and enforcement actions through Bloomberg Law: Privacy & Data Security’s detailed country profiles, treatises, and portfolios crafted by expert practitioners.

“The data security environment is changing on an hourly basis,” said Craig Newman, chairman of the privacy and data security practice at Patterson Belknap Webb & Tyler LLP, the New York-based law firm. “Staying truly informed in this area requires substantial effort. Privacy attorneys will welcome any tool that’s effective in marshaling information for ourselves and our clients.”

Consistent with the survey’s findings on the importance of counsel in assessing privacy risk, respondents identified outside counsel as the most common third-party product or service on which they spent funds.

“In light of the current threat environment, organizations want quick, practical answers on data security,” said Lisa Sotto, head of the global privacy and cybersecurity practice at Hunton & Williams LLP. “This is an area that carries huge reputational and financial risk. With so much on the line, companies need resources they can turn to for fast and accurate information.”

The survey results are based on the responses of 347 corporate privacy professionals, including nearly 250 based in the United States. The full study, titled “Assessing and Mitigating Privacy Risk Starts at the Top,” can be accessed here.

Henry Sapiecha
