Data security consistently tops the laundry list of security priorities because it must. Organizations are collecting data, creating data, using data, and storing data in some way or another. Mishandle data or disregard privacy, and you’ve got a public relations fiasco on your hands with the potential to disrupt business operations or hurt the bottom line.
So, we know that data security is a priority, but what does that mean? What are organizations actually doing here? How much are they spending, and where are they focusing their efforts? And what are they doing about privacy? I’ve dug into data from Forrester’s Forrsights Security Survey, Q2 2012 and data from the International Association of Privacy Professionals (IAPP) to answer these questions in a newly published benchmarks report for our Data Security and Privacy playbook. Note: This is not a shopping list, nor a check list, nor is it a “spend x% on data security because your peers are doing so!” manifesto. This report is meant to be a starting point for discussion for S&R pros within their organizations to take a closer look at their own data security and privacy strategy.
I spent a jam-packed day with security software and services provider AVG last week, checking out their 2013 product line-up for free antivirus and paid premium products, and participating in roundtable discussions with press, analysts, and AVG executives about consumer security, mobile, privacy and policy. Here are my reactions to what AVG is doing:
LIKE: Consumer data (yes, I’m biased here, being the data nerd). AVG has lots of it and it’s all free. This is awesome because it’s a great resource not just for the industry but for other parties to use in education and awareness program design. They’ve done studies across 11 countries for their Digital Diaries studies, surveying parents and kids of different age brackets from 0 to 17 to understand online behaviors and attitudes. Here’s a data nugget that caught my attention: by the time they are two years old, 81% of children have some kind of digital footprint (online photographs, personal data, email and/or social networking accounts). 81%!
Eighteen months ago, when I started down the path of what would become our body of Personal Identity Management (PIDM) research, there were only a few customer intelligence professionals who gave much credence to the picture we were painting. What a difference a year makes. Today, privacy, data governance, consumer empowerment, and understanding "the creepy factor" are core to the conversations I have with CI pros in both marketer and vendor organizations.
At the center of those conversations is often the question, "Who are the players in tomorrow's consumer data ecosystem?" We've just published a report, Making Sense of a Fractured Consumer Data Ecosystem, that reviews the strengths and weaknesses of four existing vendor categories plus three emergent business models. These include:
Consumer data giants: Companies, like Acxiom, Epsilon, Experian, and Infogroup, that have an opportunity to become consumer-friendly data managers but are at greatest regulatory risk
Reputation management providers: Companies, like Intelius and Reputation.com, that could help consumers manage data access but need to focus on their B2C business models to do so
Online services giants: Companies, like Google, MSN, and Yahoo, that already have access to highly personal data but serve too many masters