Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Gartner: Most Companies Will Have Data on Assets They Don’t Own or Control By 2019

Analyst firm Gartner predicts that by 2019, 90 percent of organizations will have personal data on IT systems they don’t own or control – a change that necessitates the creation of policies that keep data under the organization’s thumb.

Analyst firm Gartner predicts that by 2019, 90 percent of organizations will have personal data on IT systems they don’t own or control – a change that necessitates the creation of policies that keep data under the organization’s thumb.

“As the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target,” Carsten Casper, research vice president at Gartner, said in a statement. “And, yet in most scenarios the organization is still ultimately accountable for the personal data on its IT systems. The time has come to create an exit strategy for the management of personal data.”

GartnerIn a new report, Casper notes that there are several steps organizations should take to prepare to implement such a strategy. For starters, organizations need to locate and implement the proper protections. There also needs to be clear delineations between personal and non-personal data – meaning a policy that separates data that relates to humans and data that does not. Personal data should be kept separate from other data, according to Gartner.

Companies should also use privacy standards that keep in mind the privacy laws and “cultural expectations” of various regions, and consider the logical location of data as opposed to simply the physical location of where data is stored, according to Gartner.

“Given that this information can be accessed from the other end of the world in a fraction of a second, the physical location should be increasingly irrelevant,” the firm noted in a press release. “Yet this physical location is still what many regulators insist on, although the legal location should be most relevant from a regulatory perspective.”

“As an example, personal data might be stored in a data center of a U.S. cloud provider, which is operated by a third-party service provider from India,” the firm continued. “However, data is encrypted, the Indian IT employees manage only routers and servers, and only European employees of the client can actually see the data. These employees are located in Europe, and bound by a European employment contract and European privacy laws. Logically, the data is in Europe, although legally and physically, it may be somewhere else.”

The report is available on Gartner’s website at

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.