Risk Management

Consumer data (PII): Where, what and who is protecting it? Trends in Digital File and Data Sharing Blog Series part 3

Consumer data (PII)

One of the trends related to consumer data is regulations on how personal identifiable information (PII) is protected. The most recognizable examples are the GDPR and the more recent California Consumer Protection Act (CCPA).

Consumer data (PII)

Organizations collect a variety of data on consumers. What emerged in the research we conducted with 800 IT and business leaders is the type of data, how much of it is stored and tied back to the industry. What also emerged is the reliance on hard copies for storing and email for sharing.

As consumers, it’s easy to put our heads in the sand when it comes to how much data we are sharing across many organizations. But, as digital breaches and malicious attacks become the norm, it’s time to pay attention—to where, what and who is protecting it.

A deeper look into PII

Seventy percent of Healthcare and Government agencies store PII. In fact, for healthcare organizations, there is even more sensitive data to consider—healthcare records. Consider your visits to healthcare providers. What type of data do you share about yourself, your children, your family? 48% of survey respondents confirmed they track customer and patient behavior, and most of the data, 84%, is provided by the customer or patient themselves.

Customers (including patients) are unlikely to be aware of what and how much data companies hold on them. They are hopeful that organizations’ approaches to storing customer data are secure and centralized, and when necessary, those organizations can easily comply with customers’ requests to access all their data. As part of GDPR, customers have the right to access all their data and the right to be forgotten.

Where is your personal data being stored?

54% of the respondents from the healthcare sector store data as hard copies, in fact, it’s surprising how many organizations across verticals store data as hard copies (see diagram below).

Storing data on hard copies can be a security issue. Despite recognizing how critical it is to protect the (extensive) personal data they hold, data storage practices such as this can pose a risk.

What if you want your data, where do you go?

One reason we share our data is that we assume it’s going to be protected. We also share it in order to have a more seamless, customized experience. But what happens if you want your data back?

Many organizations in the survey placed the responsibility for retrieving customer data with IT. IT respondents placed it at 80%. While only 49% of the line of business thought IT was responsible, 51% thought it was the data protection officer/team.

Respondents identify two departments, on average, as being responsible for retrieving customer data. This demonstrates that often, respondents are unable to commit to a single source of responsibility. This implies that there may be confusion or uncertainty about who should lead the response in the face of any data-related challenges that occur.

And, how is this data shared? With the majority of respondents saying that data is shared via email and four in 10 say data is provided via a hard copy, security breaches may be made more likely as this place’s information outside of the respondent’s organization’s direct control.

This contrasts with the awareness that nearly all respondents have about how important it is to protect their customers’ data—demonstrating that while respondents may be aware of ideal or preferred data sharing processes, they do not have the tools at their disposal.

In summary, these challenges are only going to get more complicated. As consumers become more aware, there will be more pressure on companies—specifically how they store, track and share PII. We are seeing new use cases emerge from our customers—related to storing sensitive data with retention policies (that includes customer data), as well as how to transfer securely data to consumers when they request it.

Read the two other blogs in the Trends series.