AIIM Report Shows 26% of Organizations Suffered Customer Data Loss or Exposure in Last 12 Months

Share Article

Customer data at risk as 25 percent of organizations do not encrypt sensitive data and struggle to address data privacy

"Many organizations are struggling to secure sensitive and personal data..."

Customer data is more important in business than ever before, with 38 percent of organizations highly dependent on sensitive personal content to drive their business processes. Yet organizations are struggling to address data privacy and security, with 25 percent of organizations not encrypting their most sensitive data, according to new AIIM research launched today.

The new report, ‘Data Privacy – Living by New Rules’, revealed that in the last 12 months, 26 percent of organizations suffered loss or exposure of customer data, with 18 percent losing employee data. As a consequence, 10 percent received action or fines from a regulator, 25 percent saw a disruption to business and 18 percent a loss of customer trust.

“Customer data can be an invaluable asset for any organization, but it is imperative that personal data is kept safe and that consumers are confident their personal details remain private,” said Bob Larrivee, Chief Analyst, AIIM. “But it would seem that many organizations are struggling to secure sensitive and personal data even under current data protection rules, and are confused by the future implications for Safe Harbour and the General Data Protection Regulations.”

Data breaches are much more likely to be due to internal staff than external hackers, with around one half (47 percent) of organizations surveyed having suffered a data breach, exposure or incident in the past 12 months due to staff intent (19 percent) or staff negligence (28 percent). Thirteen percent suffered data loss from external hackers. Despite this, around a quarter of respondents feel that senior management does not take the issue of data privacy breaches seriously.

The research also revealed a lack of familiarity with forthcoming General Data Protection Regulations (GDPR), which are now heading for the statute books across the EU. Thirty-seven percent of those storing Europeans’ data are not familiar with GDPR, including 11 percent who mistakenly think it will not apply to them.

Furthermore, 11 percent consider the recent European Court ruling that largely negates the Safe Harbour arrangement for US companies storing Europeans’ data to be a disaster. Sixty-seven percent are placing increased reliance on other measures and 33 percent are waiting for a renegotiation of Safe Harbour, or clarification through the GDPR.

“If an organization holds data on European citizens, they have to be aware of the need to ensure that European data protection standards apply wherever that information is stored and verify that their organization is taking steps to comply,” continued Bob Larrivee. “GDPR means that both data processors and the organization whose data is being processed are joint data controllers so the organization needs to positively audit the processor, including cloud service providers, to make sure that compliance is being met.”

Organizations are taking some steps, however, to safeguard the privacy and security of the data they hold. Sixty-four percent of respondents claim to encrypt all Personally Identifiable Information (PII) they hold, rising to 75 percent for sensitive personal data.

However, only 38 percent encrypt email addresses, and an astonishing 25 percent of those storing credit card details do not encrypt them – which is likely to be an immediate contravention of the PCI-DSS standard. Twenty percent rely on metadata and content types to drive security, but half of respondents admit to poor metadata standards – a situation that can be improved with the latest metadata correction and data cleaning products.

The research for ‘Data Privacy – Living by New Rules’ was underwritten in part by AvePoint. A copy of the executive summary can be downloaded here.

The survey was taken using a web-based tool by 202 individual members of the AIIM community between October 23, 2015, and November 16, 2015. Invitations to take the survey were sent via e-mail to a selection of the 160,000 AIIM community members.

About AIIM
AIIM has been an advocate and supporter of information professionals for 70 years. The association’s mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Libba Letton
Email >
Visit website