Data Management in the Digital Age
The way we store and share data is rapidly changing and so too must the way we protect it. In 2000, only one quarter of the world’s data was digitally stored, yet today less than 2% exists in a purely non-digital format. Whilst many companies have been quick to embrace the benefits and increased productivity that digitisation has brought, few have successfully addressed the inherent risks, making data management the single biggest threat facing companies today.
The year 2013 will serve as a perpetual reminder of the fragility of digitised data and the level of attention it attracts. High profile leaks at global banks, the inappropriate sharing of market sensitive data throughout the LIBOR scandal and Snowden’s revelations over the mass collection of personal data by national intelligence agencies has laid bare the ease with which confidential information can be illegally intercepted, shared and stored. The knock-on effect for companies is that they must operate in a more privacy-conscious marketplace. Client and consumer paranoia has reached a zenith and the onus is on companies to demonstrate that they are implementing rigorous controls and safeguards to secure confidential data. 2014 is expected to bring in a year of regulatory activism and fiscal penalisation, making it increasingly complex for businesses to capitalise on the true value of the digital economy.
Industry Changes and Challenges
In response to mounting concerns around data management, the EU has been developing a Framework to replace their archaic regulatory standards with tougher, more modern measures. The current Data Protection Directive, drafted in 1995, predates fundamental technological revolutions including cloud computing and social media, and fails to account for more risk prone business practices such as bring-your-own-device (‘BYOD’) and outsourcing. Whilst the upcoming General Data Protection Regulation is unlikely to be fully implemented until 2017, businesses should prepare for dramatic changes. It mandates, for example, the appointment of a Data Protection Officer (DPO) if more than 5,000 individuals’ data are being processed in a 12 month consecutive period. As well as this, there are plans to raise the current £500,000 limit on fines set by the Information Commissioner’s Office to allow for penalties of up to 5% of a company’s gross global revenue.
If not properly managed, the increased reliance upon BYOD and cloud computing services from outside parties threatens to undermine companies’ data security systems by increasing points of entry and decentralising control of the network. This issue is exacerbated by the fact that the personal devices used by employees are getting smaller whilst the amount of data they can store is increasing considerably. A typical employee’s mobile phone can now store upwards of 500,000 documents and USB sticks rival the storage capacity of hard-drives. This not only enhances the probability of loss or theft but increases the ease and speed by which data can be transmitted once seized.