Accenture: Perception of data security at odds with reality

by Editor 4/28/2010 6:51:00 PM

Nearly three-quarters of organizations believe they have adequate policies in place to protect sensitive, personal information, yet more than half have lost sensitive data within the past two years — and nearly 60 percent of those organizations acknowledge data loss as a recurring problem, according to findings of a global study released today by Accenture.

The study — which surveyed more than 5,500 business leaders and 15,500 adult consumers in 19 countries — reveals a startling difference between organizations’ intentions regarding data privacy and how they actually protect sensitive personal information, such as name, address, date of birth, race, National ID/social security number and medical history.  The study was conducted in conjunction with the Ponemon Institute, an independent privacy, protection and information security research firm.

“The volume of sensitive personal information being collected and shared by organizations has grown exponentially in recent years, making data protection a critical business issue and not just a technology concern,” said Alastair MacWillson, managing director of Accenture’s Security practice. “Our study underscores the importance of taking a comprehensive approach to data privacy and protection, one that closes the gaps between business strategy, risk management, compliance reporting and IT security.”

Global business findings

Fifty-eight (58) percent of business respondents have experienced at least one data security breach over the past two years, yet 73 percent said their organization has adequate policies to protect the personally identifiable information it maintains.

While 70 percent agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, there are discrepancies in their commitments for doing so:

  • Forty-five (45) percent of respondents were unsure about or actively disagreed with granting customers the right to control the type of information that is collected about them.
  • Forty-seven (47) percent were unsure about or disagreed with customers having a right to control how this information is used.
  • Nearly half also did not believe it was important or very important to: limit the collection (47 percent) or sharing (46 percent) of sensitive personal customer information; protect consumer privacy rights (47 percent); prevent cross-border transfers of personal information to countries with inadequate privacy laws (47 percent); prevent cyber crimes against consumers (48 percent); or prevent data loss or theft (47 percent).

The study revealed that the biggest causes of data loss are internal — problems presumably well within an organization’s ability to detect and correct. For instance, business or system failure (57 percent) and employee negligence or errors (48 percent) were cited most often as the source of the breaches; cyber crime was cited as a cause of only 18 percent of security breaches.

While many organizations believe that complying with existing regulations is sufficient, it appears that compliance alone may not be enough to protect sensitive data.  For instance, 70 percent of respondents said they regularly monitor privacy and data protection regulatory compliance requirements, yet data breaches have occurred in 58 percent of organizations polled.

The study also identified significant differences in terms of attitudes and policies regarding data privacy and protection between organizations that had not experienced any data-security breach in the past two years and those that had.  Specifically, respondents in organizations that did not have a data-security breach:

  • were more likely to know where personal information on customers and employees resides within their organization’s IT enterprise (75 percent versus 66 percent); and
  • were more likely to feel an obligation to control who has access to personal data (72 percent versus 60 percent).

Global consumer findings

More than two-thirds (70 percent) of consumers surveyed around the world believe that privacy of their personal information is important or very important, yet 42 percent are skeptical that organizations are doing enough to adequately protect the personally identifiable information they have shared, revealing an overall lack of trust.

The study suggests that while consumers want to ‘own’ their personal information, they feel organizations have a responsibility for managing and protecting it.  For instance:

  • Fifty-three (53) percent of consumers said they believe they have the right to control how their personal information is used. The same percentage said they believe they have a right to access and review the data collected and used by organizations.
  • When asked who has the most responsibility for ensuring that information is adequately protected, 41 percent of consumer respondents said the government, 21 percent said companies, 19 percent said the individual, and 20 percent said it should be a shared effort.

 “The findings reinforce the critical role that data privacy plays in maintaining trust between organizations and their consumer and business customers,” said Bojana Bellamy, Accenture’s director of Data Privacy and vice president of the International Association of PrivacyProfessionals. “A proactive approach to data protection and privacy can not only help organizations avoid fines for non-compliance but, even more importantly, can help avoid breaches that can alienate customers and destroy brand credibility.”

Digg It!DZone It!StumbleUponTechnoratiRedditDel.icio.usNewsVineFurlBlinkList

Arthur D. Little: Creating competitive advantage by transforming data into intelligence

by Editor 4/22/2010 11:36:00 AM

In today’s high-risk world, foreseeing potential problems and eliminating them before they happen is the ideal many executives strive toward. As business environments move at a rapid pace, making the most of the increased volumes of available market and customer data has become business critical, a new report from management consultancy Arthur D. Little warns.

According to the report "The Art of Systematic Surveillance,” many executives miss the opportunity to use their data for strategic decision-making, instead relegating it to a “data management” task carried out by IT. However, as marketing directors and other business unit heads # are increasingly forced to make quick on-the-spot decisions, a single view of all company-critical data will give them the information needed to to respond quickly and confidently to threats and market challenges .

The report outlines a centralised approach to intelligence management that facilitates the collection and analysis of all company data, and allows leaders across the business to quickly access up-to-the-minute market intelligence.

“Our experience shows that many B2B companies fail to use their data to support long-term decision-making, and the same can be said for B2C businesses facing new consumer trends and shifts to emerging markets," said Per I. Nilsson, Global Head of Arthur D. Little’s Technology & Innovation Management Practice. “Organizations today are sitting on virtual mountains of unused data and changes in the competitive landscape, technologies and business models all mean it is more important than ever to dust off this data and use it wisely by taking a centralized approach to intelligence management.”

Arthur D. Little suggests five business functions where competitive intelligence can be successfully applied:

1. Procurement – identifying supply bottlenecks and changes in competitor activity

2. R&D – scouting new technology to gain early advantage

3. Marketing – monitoring competitor positioning strategy and advertising efforts

4. Sales/after-sales – monitoring competitor sales approaches and distribution channels

5. Human Resources –debriefing new employees and analyzing competitor compensation models

Digg It!DZone It!StumbleUponTechnoratiRedditDel.icio.usNewsVineFurlBlinkList

CARE IT 3 Peaks Challenge: Last chance to sign up

by Editor 4/8/2010 11:27:00 AM

Just a few places remain for the annual CARE IT 3 Peaks Challenge, taking place on 12-13 June 2010 in aid of CARE International. The charity is urging teams from across the IT industry to sign up before they miss out.

The annual challenge will see teams of colleagues taking on the three highest peaks in Scotland (Ben Nevis, 1,334m), England (Scafell Pike, 978m) and Wales (Snowdon, 1,085m) all in the target time of 24 hours.

Last years event raised £50,000 to support CAREs poverty-fighting work. CARE hopes to double that in 2010, and raise £100,000 to support its poverty-fighting work.

Teams already signed up include Barclays, Accenture, Harvey Nash and many more teams from IT departments or IT firms.

CAREs Challenge Manager, Neil Munro, said, The 3 Peaks Challenge is a classic British mountaineering event, a rightfully famous challenge. This event for the IT sector is an ideal teambuilding and networking opportunity for teams, as well as being tremendous fun. Funds raised by previous challenges are already achieving fantastic things around the world, and were delighted so many fantastic teams will be giving it a go this year.

The CARE Challenge team offer expert advice and support with training, fundraising and PR, and with 15 years experience the team will ensure and fun and safe event, with a well deserved dinner and celebratory awards following the challenge.

Digg It!DZone It!StumbleUponTechnoratiRedditDel.icio.usNewsVineFurlBlinkList