Consumers rely on businesses to keep their personal information safe. Too few of those businesses are actively protecting that data. Here’s what’s gone wrong, and how

businesses should be responding.

87% of the U.S. population can be uniquely identified using only their gender, date of birth, and ZIP code. It’s not just the most obvious types of PII, such as credit card numbers, that

require protection, according to the U.S. General Accounting Office.

BASIC DEFINITIONSKnow your sensitive data, and the definitions of

the data types to be protected.

Personally Identifiable Information (PII) is the general term for “all about you”. PII can include full name, address, email address, social security or national identification number, passport number, credit card numbers, date of birth, birthplace, biometric information, and medical data.

Protected Health Information (PHI) includes an individual’s past, present, or future physical or mental health conditions wherein the data identifies the individual.

Personal Credit Information (PCI) is any data related to financial credit, such as information in an individual’s credit cards or bank accounts, or the agencies that report on payment history.

Intellectual Property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, computer code, names, and images used in commerce.

Compromised data can lead to identity theft, bank account access, and other negative impacts to your customers and your business.

PII and other sensitive data is increasingly dispersed, today, with the rise of mobile computing, consumer

technology, and cloud computing.

84%

21%50%

of business workers use email to send classified or confidential information:

payroll, customer data, financial information, business plans, etc.

of files uploaded to cloud-based file sharing services

contain sensitive PII.7% of cloud data is PII. By the end of 2016, more than of the Global 1000 companies will store customer-sensitive data in the public cloud.

31%52%

20%of all corporate data uploaded to the cloud is in a customer-relationship

management application (CRM), and 6% of it is sensitive data.

of business users have lost an external or mobile device containing sensitive

business or personal information.

of healthcare organizations, employees store PHI data on their computers; 41% of

healthcare organizations admit to not adequately protecting endpoints.

The problem of dispersed PII is gaining momentum. Data sprawl has resulted in a loss of data visibility, causing many businesses to significantly increase

their risks — and to worry their customers.

79%of customers lose trust in a company that experiences a breach involving their PII.

The average organizational cost of a data breach reached more than $6.3 million in 2015, an increase

of over $1M since 2013. — Ponemon

The list of nations with strict laws regulating the processing of personal data is growing.

IT organizations in the largest companies are unprepared to protect PII.

Despite increasing pressure on companies to show compliance with global data privacy and other industry- specific regulations (HIPAA, FINRA, GLBA, COPPA) that apply to sensitive data, IT lacks confidence to address

these complex issues.

44%of corporate data stored in cloud environments is not manged or controlled by the IT department

51%of companies are confident that they can preserve data on mobile devices for litigation,

regulatory, or investigative requirements.

$3.75M In 2013, Barclays Bank was fined after it was discovered the bank failed to keep critical records.

26% of legal preservation requests now included mobile device data; an often manually complicated and error-prone process.

12%Insider and privilege misuse was responsible for 12% of IP theft.

Identify and Take Action Against Data Risks Across Mobile and Distributed Data

Businesses can take steps to get ahead of the risks and to reduce

their exposure.

Identify and locate sensitive personal data.

Centralize visibility of your data.

Find out who can access customer and employee data.

Implement secure technologies.

Retain data only as long as it’s needed.

Automate risk identification.

Druva’s converged data protection brings datacenter class availability and governance to the mobile workforce. Druva’s inSync proactive compliance solution delivers new, enhanced governance-related capabilities that equip organizations to stay on top of their data, where it’s located and how it’s handled, while at the same time ensuring the integrity of that data if its

authenticity is called into question during litigation.

The new enhanced data governance capabilities include:

DRUVA’S PROACTIVE COMPLIANCE SOLUTION

Learn more about Druva’s proactive compliance capabilities at

druva.com/proactivecompliance

http://resources.ipswitchft.com/rs/ipswitch2/images/eBook%20-%20Are%20employees%20putting%20your%20company%27s%20data%20at%20risk.pdf

https://www.netskope.com/blog/netskope-cloud-report-look-compromised-credentials - Gartner, June 2015

https://www.skyhighnetworks.com/cloud-university/is-the-cloud-secure/Brief

Stolen and Lost devices are Putting Personal healthcare information at Risk: It’s time For Healthcare ciSos to close the Faucet of Data loss From endpoints - Forrester, 2015

http://www.darkreading.com/attacks-and-breaches/sony-data-breach-cleanup-to-cost-$171-million/d/d-id/1097898?

http://www.oracle.com/us/corporate/profit/big-ideas/010312-data-1917731.html

http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis

http://www.csrps.com/faqs-0

http://www.visionpayments.com/faq/personally-identifiable-information/

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

http://www.tomsguide.com/us/target-neiman-marcus-data-breach-faq,news-18199.html

http://www.eweek.com/security/personal-information-on-enterprise-devices-carries-security-risks.html

http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_2012_webversion.pdf

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks

http://www.bbc.com/news/business-25525621

http://blogs.wsj.com/cio/2015/07/10/the-morning-download-outdated-tech-infrastructure-led-to-massive-opm-breach/

Verizon 2015 Data Breach Investigations Report INTELLECTUAL PROPERTY THEFT

SOURCES: