March 17, 2017

Data Breaches Pack a One-Two Punch


As we discussed in a previous blog post about Sony, the consequences of a data breach reach beyond the initial loss of data. The latest company to experience this is Arby's.

The company announced that its point-of-sale system had been compromised by intruders from October 2016 to January 2017. In total, 335,000 customers had their credit and debit card information exposed at over 1,000 Arby's locations.

Almost immediately after the announcement, Arby's was hit with multiple class action lawsuits. One is being led by affected customers, while another was filed by four credit unions and the Michigan Credit Union League. The credit unions are seeking damages related to the cost of canceling and reissuing cards, changing or closing accounts, and notifying members of the breach. Both suits allege that Arby's had lax security practices, which led to the breach.

We posted a blog earlier this week discussing how information governance affects overall information security, and that applies directly in this case. While Arby's clearly had some external security vulnerabilities, they could have mitigated some of the damage with effective information governance practices.

IG Should Be Your Company's First Line of Defense

It is always better to take a proactive approach to your data. Once a breach or violation happens, it is too late; the damage is already done.

There is already a lot of research available about the benefits of Information Governance. I have included a list below of some of the most relevant benefits.

  • Business Differentiator. I have listed this first because it is often overlooked. Consumers are making buying decisions based on privacy. An Information Governance program will improve the security, reliability, integrity and accessibility of your data. This can be used as a competitive advantage in the marketplace.
  • Reduced storage and infrastructure cost. If you are doing a better job of managing your data, you will have less of it, which reduces the Redundant, Obsolete and Trivial (ROT) data in your organization.
  • Reduce risk by improved compliance. The cost of non-compliance can be financially devastating to an organization. Being compliant will reduce your risk of unexpected costs, and it also reduces the risk of other things that may not be as obvious, such as potentially damaging media coverage and loss of clients.
  • Reduce eDiscovery costs. This can go hand in hand with non-compliance, as eDiscovery can be very costly to an organization. If you have implemented an Information Governance program, you should "only" have the data that is required by your policies, making eDiscovery easier, and you will be able to locate the relevant data more quickly.
  • Adaptability. We live in a fast-paced world that is constantly changing. Organizations need to have control over their data so they can react to change, find the relevant data quickly, and immediately comply with new standards.

We recently held a webinar to further break down how cleaning up your data and committing to an information governance program reduces compliance risk. CLICK HERE for the link to the recording and slides of that presentation.

Once you have cleaned up that legacy ROT data and created a process for moving forward, the course corrections and adjustments in the future are exponentially easier. The key is laying down that essential groundwork. IG improves every function of your enterprise related to information, from eDiscovery and legal holds to email.
