Hoarding data has been the standard practice for most businesses for years. Whether it’s customer data, email, survey data, presentations, reports, zip files, log files, call recordings, employee information, old versions of documents, account information—companies have stockpiled vast amounts of information. Gartner defines this as dark data—“the information that organizations collect, process and store during regular business activities, but generally fail to use for other purposes.”
Worse, organizations typically don’t even know that the data exists. “It’s data that has two problems: First, the fact that we don’t know about it, so we’re not leveraging it. And the second is that it becomes a security problem because you cannot properly manage it and protect it if you don’t know you have it,” says Amit Ashbel, head of marketing for Cognigo, which provides AI-driven, human-free data protection, governance and compliance.
Dark data is difficult to locate. It can be scattered across databases, computers, cloud services, file servers, applications, external drives—basically, any place that stores data. Ashbel points to a Forrester survey which found that 62% of data security professionals in North America said they had no idea where their most sensitive unstructured data resides. Further, Gartner predicts that, through 2021, more than 80% of organizations will fail to develop a consolidated data security policy across silos, leading to potential noncompliance, security breaches and financial liabilities.
“No one has continuous control and governance of this data, which might contain information that is very personal,” Ashbel says. “If you hold that data, you have the responsibility to protect that data. Regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are telling organizations that it’s no longer legal to have dark data; it’s no longer legal not to know.”
Widely publicized data breaches have heightened consumer awareness about what companies are doing to protect their data. Consumers can now request that businesses provide them with their personal data report, and the GPDR requires companies to do so (the CCPA goes into effect on January 1, 2020, also providing consumers with the right to access personal data, among other things).
“The regulations have created a dramatic shift in why dark data has become so important. As a consumer, you might want to see that your information is being used responsibly,” says Ashbel. “If the company has taken a serious approach to the regulations, they’ll respond to your request. If they don’t respond, you should probably be considering whether they’re managing your data responsibly.”
For more on Protecting Customer Data, read Parts 1 & 2 of this series: Balancing Customer Friction & Fraud Prevention and Top Internal Security Risk—Human Error.