The issue of not knowing whatdata a company has often arises in the context of mergers andacquisitions, particularly among those businesses that acquiresmaller ones. (Photo: LeoWolfert/ Shutterstock.com)
When it comes to an awareness ofwhat data they have and where it resides, health care organizationsmay suffer from overconfidence, despite experiencing thesecond-largest amount of cybersecurity breaches, suggests a new study ondata privacy management within the industry.
|Seventy percent of the surveyrespondents—made up of 258 top business executives and informationtechnology decision makers within mid- to large-size U.S.companies—reported that they were “very confident” or “extremelyconfident” in knowing exactly where sensitive data resides.However, only half of the respondents said they update theirinventory of personal data once a year or less.
|“Because of the massive volumeof data that people are dealing with, you really need to usetechnology to crawl that data to understand what's there,”Kristina Bergman, CEO and founderof data privacy automation provider Integris Software Inc., said inan interview. Then “companies can actively assess their risk andproactively make decisions about how to manage thedata.”
|Related: Health care data hacks drawing attention ofCongress
|The Seattle-based company conducted the survey, whichit dubbed the Integris Software 2019 Healthcare Data and PrivacyMaturity study.
|The issue of not knowing what data a company has often arises inthe context of mergers and acquisitions, particularly among thosebusinesses that acquire smaller ones, and in the case of datatransfer agreements, especially with credit card processors orthird parties, Bergman said, addingthat the oversight generally is notnegligent.
|“The reality is that the people who are negotiating thoseagreements, the lawyers and [business representatives], are not thesame people who are opening up the pipes and transferring thedata,” she said. “The IT people aren't reading and checking thecontract.”
|To help remedy this unawareness, Bergman suggests continuouslyand automatically monitoring andmapping the sensitive data that companies collect and store acrosslocations.
|“It is good to know immediately,which will catch things before they become issues,” shesaid.
|Other findings from the surveyinclude:
- Respondents were much moreconfident in their own ability to respect data-sharing agreements than theirpartners' ability to reciprocate in kind, with a nearly61 percent increase in “very confident” and “extremely confident” levels intheir own compliance efforts versus theirpartners.
- The health care industry is better prepared for securitycompliance mandates than other industries, with 35 percentscoring themselves as “fully prepared” for the European Union's General Data ProtectionRegulation, though only 16 percent said they were “fullyprepared” for the California Consumer Privacy Act.
- Organizations are using several types of tools to discover andtrack the location of personal information, including surveys andspreadsheets, metadata management and data catalog.
Read more:
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
- Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
- Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
