The Current State of IT Security and Privacy Policies and Practices
Protiviti recently conducted a survey on IT security and privacy standards, policies and practices. Respondents provided feedback on how their organizations are classifying and managing the data they accumulate on a daily basis, and specifically how they are handling the security of “sensitive” data that is critical not only to ensure customer and/or client privacy, but also to comply with federal and state privacy laws and regulations.
The findings reveal that companies are doing many things well, but there is significant room for improvement and cost savings. Of particular note:
- Data classification – Organizations can benefit greatly from improving the differentiation between “sensitive” data and other information.
- Security policies – Companies have an opportunity to reduce their legal/regulatory and reputation risks significantly by implementing appropriate data security policies and practices.
Protiviti Managing Director Cal Slemp offers analysis and commentary on the findings in his IT Security and Privacy Survey podcast.