There is more data available to organizations today than ever before. In 2015 alone, customers, employees, and other users created about 7.9 zettabytes of data globally -- and that number is expected to reach 35 zettabytes in 2020.
The type of information companies are collecting is also multiplying -- from traditional sources such as customer mailing addresses and phone numbers to more advanced demographics, web histories, shopping preferences, and even biometric data.
Advances in technology, computer power, and analytics mean companies can collect and process data in almost real-time. This may lead executives to believe that the more data they have, the greater their advantage. However, collecting a virtually unlimited amount of data can create a serious threat for organizations, because the amount collected often outstrips the ability to protect it.
In fact, when CEB surveyed 54 information risk executives around the globe in 2015, more than three-quarters of them indicated it is harder, or significantly harder, to prevent data breaches than in the past.
If a company does have a data breach containing certain types of sensitive personal information, such as social security numbers or health records, it can trigger additional burdensome legal duties and invite increased regulatory scrutiny, not to mention potential reputational damage.
[Are your new-hire contracts doing more harm than good? Read Why I Banned Non-Compete Clauses From Our Hiring Practices.]
The simplest way to protect sensitive data is not to have it in the first place. But companies drawn in by big data's tantalizing promises often collect too much information in the hopes they will find the time and resources to analyze it later.
Worse, companies often keep data long after its usefulness has passed. Ultimately, there's a difference between big data and "lots of data," and organizations need to regularly evaluate how they use data and set clear guidelines for what they collect and store.
Assessing and evaluating the true value of data, and the potential risk of a breach, will help IT leaders set their data strategy and avoid collecting too much. But IT can't do it alone. Creating a sensible data management strategy requires input from stakeholders across the business.
CIOs and other IT leaders charged with managing and protecting data can get the conversation started by asking these six questions:
Information drives many aspects of corporate performance. That said, failing to secure data -- lingering reputational harm. IT professionals have has a role to play in helping their companies adequately assess and evaluate the true value of their data and the potential risk of a breach in order. The best way to do this is to set a successful data strategy and to avoid collecting too much information.Brian Lee is a Practice Leader in CEB's Compliance and Legal Practice. He advises chief privacy officers, as well as chief compliance and ethics officers, about how to orchestrate successful privacy and compliance programs in concert with their peers. View Full Bio