Do you know which data compliance standards apply to your organization?
Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations.
This troubling statistic suggests that US organizations may still have a long way to go in getting a handle on the privacy and security regulations affecting their industries, even as breaches and their resulting financial impacts become more prevalent and expensive.
“What we found was rather concerning and further evidence of the strong need for comprehensive solutions that can help organizations maintain continuous compliance when handling regulated or other sensitive data, whether the data resides on premises or in the cloud,” said Hmong Vang, Chief Trust Officer with Liaison.
Organizations could be failing their customers or unnecessarily putting data at risk by underestimating the importance – and ongoing effort – of maintaining compliance. Some 25 percent of respondents say it’s unclear who in their organization is responsible for compliance and barely half consider their data to be secure in the cloud, raising questions about how high of a priority data protection is, despite well-publicized data breaches.
Personal liability may be vastly underestimated as well with 85 percent of respondents indicating they do not feel their job security is at risk due to compliance issues. In contrast, the U.S. Department of Health & Human Services alone has investigated over 24,000 cases of HIPAA privacy violations, forcing violators to pay settlements totaling nearly $4 million and referring some cases to the Department of Justice for criminal investigation—a risk that far exceeds job security.