The gap between security and privacy, and what it will take to bridge it

In this Help Net Security video, Bill Tolson, VP of eDiscovery & Compliance at Archive360, talks about the biggest and perhaps only question in information governance right now: Is enterprise data security good enough to ensure data privacy?

An Archive360 survey of enterprise IT executives reveals that the No. 1 driver for information governance is data security. That’s understandable, but while data security and privacy are symbiotic and even similar, they’re not the same. Governance professionals identify, collate and secure corporate records, which comprise barely 5% of all data in-house. So what happens to the rest?

Here’s why it matters. We’re in a post-GDPR world. PII is no longer just a corporate resource for marketing, analytics, etc. It’s an asset owned by individual data subjects and held in trust by the organization.

This mindset has spawned a raft of legislation. So, if that long-neglected 95% of data includes any PII, the enterprise had better be able to handle it. If not, expect crippling fines and sanctions.

The only alternative is straightforward, perhaps not simple: All corporate data must be actively managed and protected.