Vast rivers of data generated from E-business and customer-relationship initiatives flow through companies, regardless of date or time. Yet before businesses can effectively protect people's privacy, a clear understanding of the type and value of this data is critical. But to what extent have corporate data experts understood or categorized this flood of information?

To gauge this effort, InformationWeek Research looked at an early sampling of its Global Information Security Survey, a Web and mail-based study that's fielded by PricewaterhouseCoopers, and found that in the United States the data embrace is anything but a bear hug.

Judging by the responses of 2,092 U.S. security professionals who completed the survey, businesses are concentrating more on data management and information protection than on data classification. Nearly three in five respondents work at a company with a security policy that outlines the protection, disclosure, and destruction of corporate data. Asked where their employers are focusing security spending, 35% report the protection of customer data stores while nearly the same number, 33%, say what matters most is the protection of intellectual property. Obviously, both are critical--and yet if your system doesn't delineate one from another, it's hard to fine-tune your defenses.

These practices appear to be aimed more at blanket coverage than the protection of specific information. But privacy concerns are escalating. And businesses that aren't striving to classify business intelligence--including the safekeeping of customer and employee data--could face severe repercussions.

Some U.S. companies may be able to sidestep this possibility--at least the ones employing the 36% of security professionals who say their company has a security policy that classifies the value of corporate data; or the 21% that made creating data ownership and classification standards a business priority in the last 12 months.

But if business conditions continue downward and companies find themselves in need of revenue or must placate investors, classification practices might change. After all, consumer intelligence can fetch substantial sums. And the choice between a company's survival and closing can test even the most ethically correct of executives.

For now, that isn't the case. Not only did the recent demise of dot-coms test this business practice and falter under public pressure, a recent business ethics study conducted by InformationWeek Research finds that few companies overall are parting with their data. Of 250 IT and business professionals interviewed, only 6% say their employers are willing to share consumer information for a price.

What steps are being taken by your company to better understand its data stores and mollify privacy concerns among consumers and employees? Let us know at the address below.

Helen D'Antoni
Research Manager
hdantoni@cmp.com

Rollout Is Sluggish Data classification promises many rewards, including avoiding possible mismanagement of customer and employee data through better understanding. Yet businesses remain reluctant to commit their IT departments to this endeavor. Of the 2,092 U.S. security professionals surveyed by InformationWeek Research, only one in five say data ownership and classification standards are a company priority. This number isn't expected to soar any time soon: Just one in four expect both initiatives will be company objectives in the next 12 months. That's surprisingly small, considering the public-relations disaster companies may endure if they're tarred publicly as abusers of customer data.