Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Newswire

Managing data-privacy risk in today's global environment

By Kate Barecchia
data privacy laws
July 19, 2021

Many organizations do not know how to find, access, or control personal data. That inability to accurately manage personal data creates a few different organizational risks. For organizations with global operations, those risks are magnified.

The first major risk organizations face relates to compliance with laws.  If an organization doesn’t know what personal data it has, where that personal data resides, and who has access to that personal data, compliance with data privacy laws like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the new Colorado Privacy Act (CPA) becomes nearly impossible.

GDPR, CCPA, and CPA all have one thing in common:  they all require an organization to be able to produce records to an individual upon request within a relatively short time frame.  They also require organizations to take action on an individual’s request to be forgotten – in other words, they all require an organization to delete an individual’s personal data if requested.  If the organization doesn’t know what data they have or where it lives, they can’t action those requests.  A failure to action an individual’s requests can lead to high fines and reputational damage.

For businesses that operate in multiple jurisdictions, managing these data subject access requests can be a major operational challenge. Manually processing these requests can cost upwards of $240,000 per million records, according to industry experts (Source: DataGrail’s 2020 Consumer Privacy Expectations Report).

While GDPR, CCPA, and CPA are some of the most recent examples of relatively new data privacy laws, more than 100 countries have implemented data privacy legislation and many of those laws offer similar data access rights.  In the absence of a federal solution, many U.S. states are also debating and implementing their own data privacy laws.  To meet these varying compliance requirements, it’s critical that an organization know what personal data they have and where it resides. 

Another risk organizations onboard when they don’t know what personal data they have comes from data security incidents.  A report from Imperva Research Labs shows that personal data is a top target for attackers. If an organization doesn’t have an accurate data map, it is incredibly challenging to assess the severity of a data security incident and to determine any associated reporting obligations. Trying to build a data map in the midst of a data security incident creates unnecessary pressure and is likely to lead to a misunderstanding of the associated risk. As a result, an organization may miss a regulatory reporting deadline, which, in the EU, can be as short as 72 hours. 

An organization with an established, accurate data map can also leverage the benefits of a data retention program. If an organization knows its data inventory, it can begin to delete data it no longer needs. Once that data has been securely deleted, the organization can effectively shed the associated data security risk.

Another risk organizations face when they don’t know what data they have or where it resides comes from insider threats.  When users are given privileges which are not necessary for their role, that risk increases.  Having an understanding of user permissions and applying appropriate role-based access controls are effective ways to mitigate that risk.

The good news is that, in today’s market, tools exist to assist organizations with data discovery. By deploying these tools, organizations can locate and classify the types of data they have, can map where it resides, and can determine who has (or should not have) access.  Some tools even include integrated features which assist with the management of data subject access requests.  Based on the findings those tools provide, an organization can then develop a plan of action to reduce its overall data privacy risk. Making an investment in those tools can save an organization from substantial costs down the road, including fines, legal fees, and loss of reputation.

KEYWORDS: compliance data privacy data security GDPR risk and resilience risk management risk mitigation

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Kate Barecchia is Global Data Privacy Officer and Deputy General Counsel at Imperva.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • risk-assessment-freepik1170x658v.jpg

    Managing risk in today’s volatile economy

    See More
  • risk management (3).jpg

    Risk management programs don't address today's risk environment

    See More
  • Top 3 Misconceptions About Data After Death - Security Magazine

    Data Breaches and Privacy Concerns Rank High in the Global Risks Report

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing