Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

many organisations are struggling to secure sensitive and personal data even under current data protection rules

Customer data at risk as 25% of organisations do not encrypt sensitive data and struggle to address data privacy

Silver Spring, Md., January 19, 2016 – Customer data is more important in business than ever before, with 38% of organisations highly dependent on sensitive personal content to drive their business processes. Yet organisations are struggling to address data privacy and security, with 25% of organisations not encrypting their most sensitive data, according to new AIIM research launched today.

The new report, ‘Data Privacy – Living by New Rules’, revealed that in the last 12 months, 26% of organisations suffered loss or exposure of customer data, with 18% losing employee data. As a consequence, 10% received action or fines from a regulator, 25% saw a disruption to business and 18% a loss of customer trust.

“Customer data can be an invaluable asset for any organisation, but it is imperative that personal data is kept safe and that consumers are confident their personal details remain private,” said Bob Larrivee, Chief Analyst, AIIM. “But it would seem that many organisations are struggling to secure sensitive and personal data even under current data protection rules, and are confused by the future implications for Safe Harbour and the General Data Protection Regulations.”

Data breaches are much more likely to be due to internal staff than external hackers, with around one half (47%) of organisations surveyed having suffered a data breach, exposure or incident in the past 12 months due to staff intent (19%) or staff negligence (28%). 13% suffered data loss from external hackers. Despite this, around a quarter of respondents feel that senior management does not take the issue of data privacy breaches seriously.

The research also revealed a lack of familiarity with forthcoming General Data Protection Regulations (GDPR), which are now heading for the statute books across the EU. 37% of those storing Europeans’ data are not familiar with GDPR, including 11% who (mistakenly) think it will not apply to them.

Furthermore, 11% consider the recent European Court ruling that largely negates the Safe Harbour arrangement for US companies storing Europeans’ data to be a disaster. 67% are placing increased reliance on other measures and 33% are waiting for a renegotiation of Safe Harbour, or clarification through the GDPR.

“If an organisation holds data on European citizens, they have to be aware of the need to ensure that European data protection standards apply wherever that information is stored and ensure their organisation is taking steps to ensure compliance,” continued Bob Larrivee. “GDPR means that both data processors and the organisation whose data is being processed are joint data controllers so the organisation needs to positively audit the processor, including cloud service providers, to ensure that compliance is being met.”

Organisations are taking some steps, however, to ensure the privacy and security of the data they hold. 64% of respondents claim to encrypt all Personally Identifiable Information (PII) they hold, rising to 75% for sensitive personal data.

However, only 38% encrypt email addresses, and an astonishing 25% of those storing credit card details do not encrypt them – which is likely to be an immediate contravention of the PCI-DSS standard. 20% rely on metadata and content types to drive security, but half of respondents admit to poor metadata standards – a situation that can be improved with the latest metadata correction and data cleaning products.

The research for ‘Data Privacy – Living by New Rules’ was underwritten in part by AvePoint. A copy of the executive summary can be downloaded here.

The survey was taken using a web-based tool by 202 individual members of the AIIM community between October 23, 2015, and November 16, 2015. Invitations to take the survey were sent via e-mail to a selection of the 160,000 AIIM community members.

About AIIM
AIIM has been an advocate and supporter of information professionals for 70 years. The association’s mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organisation that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants.

# # #
Paul Allen
Sarum PR
+44 (0) 1 722 322916

This press release was distributed by ResponseSource Press Release Wire on behalf of Sarum PR in the following categories: Business & Finance, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit