
Gartner leads calls for tighter personal data management procedures

Market watcher claims firms must act now to prevent personal information falling into the wrong hands.

Market watcher Gartner claims companies should do more to safeguard the personal data stored on their IT systems.

The analyst predicts 90 per cent of organisations will have personal data stored on IT systems they don't own or control by 2019.

This data is likely to become a lucrative target for cyber criminals in the future, as CIOs and IT directors tighten up security around vulnerable IT systems.

"As protection for such infrastructure improves, the attackers' attention shifts to softer targets, such as employees, contract workers, citizens and patients," Gartner warned.

As a result, the organisation is calling on firms to introduce personal data management strategies to stop this information from falling into the wrong hands.

These strategies will need to set out exactly what constitutes personal data, where it is stored in the organisation and how it can be protected.

"Personal data should not be combined with other data, if possible," Gartner advised.

"Any technology that processes personal data in the same way it processes non-personal data creates a risk...[and] content should be analysed before decisions are made about protection."

The strategy must also take current data privacy regulation into consideration, and should feature rules that reflect the nature of the organisation's business.

"The most difficult challenge for organisations is to make such rules binding on all entities involved, including all employees, and accept liability in cases where employees or customers suffer harm," the advisory added.

Carsten Casper, research vice president at Gartner, said it is important for organisations to get a handle on this now, as personal data volumes will only continue to grow in size.

"The time has come to create an exit strategy for the management of personal data. Strategic planning leaders will want to move away from storing and processing personal data in the next five years," Casper predicted.

"The PCI Data Security Standard (DSS) requires the implementation of stringent controls of those who collect and store credit card data. In response, many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider," he continued.

"The same could happen with personal data. If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialised 'personal-data processor'."
