C-suite leaders must dedicate considerable attention to data risk assessment (DRA), as a systemized approach to uncovering where sensitive data is, who has access to it and what changes are happening around it.
Data Privacy Challenges Abound
Since the introduction of the General Data Protection Regulation (GDPR) in 2018, dozens of countries have followed suit such as Australia, Brazil, and South Korea as well as various states in the U.S. such as California. In fact, some experts predict that 65% of the world’s population will have its personal information covered under a privacy regulation by 2023.
Though the rapidly accelerating privacy regulations and their associated regulatory burdens are certainly a top concern for the c-suite, this is far from the only data privacy-related risk organizations are facing.
Since 2011, the number of reported data breaches in the U.S. has doubled. In 2020 alone, data security solution provider Varonis confirmed 3,950 data breaches across the globe, some of which resulted in the exposure of hundreds of millions of customer records.
High profile cyber attacks such as SolarWinds and Colonial Pipeline incidents along with emerging conversations surrounding the ethical use of Artificial Intelligence (AI) have increased public scrutiny on data usage and privacy. In fact, a Consumer Reports study found that 74% of U.S. consumers are concerned about personal data privacy with 96% saying companies should do more to protect customer privacy.
However, before an organization can re-engineer its approach to data privacy, it must first understand its current state. This is where the data risk assessment (DRA) come in.
The Data Risk Assessment (DRA)
Similar to cybersecurity risk assessments, a data risk assessment (DRA) is a systemized approach to uncovering where your sensitive data is, who has access to it and what changes are happening around it.