Enterprises Need to Pay More Attention to Data Privacy: Page 2 of 2

Mesabi Musings
Though some may dismiss this as a utopian dream, it might be nice to have one overarching U.S. federal statute that deals with personal information instead of numerous individual state laws. That may or may not transpire, but considering how the Internet allows companies to conduct business with little regard to state boundaries, enterprises must consider the implications about what is happening

And the broad conclusion is that enterprises must understand what data they have, where that data is and how it is being used. They must also be able to manage that data from a confidentiality and data retention perspective and prove they are doing so effectively. The drive to protect personal information of individuals is not the only underlying force.  eDiscovery and compliance requirements are also drivers. Note that this is well beyond what is required for traditional business processes that lead to the fulfillment of organizational objectives, such as revenue generation.

This whole movement toward securing personal information requires formal data governance on the part of enterprises. Data governance, which at one time was a nice thing to have, is moving toward a business critical capability. Although new requirements, such as Massachusetts' 201 CMR 17.00, may be perceived as just one more burden on top of all the other requirements that IT has to meet, enterprises can and should turn a negative into a positive by finding additional ways to extract value out of client information efforts, such as improving overall data quality.