This document discusses the growing problem of businesses failing to adequately protect consumers' personal information. It notes that personal data has become increasingly dispersed across mobile devices and cloud computing. While this increases risks, many businesses are not taking proper steps to identify, locate, and protect sensitive personal data from unauthorized access and data breaches. The document provides recommendations for businesses to better secure personal information by identifying where it is stored, limiting access, implementing secure technologies, and automating risk identification.
Businesses Must Protect Sensitive Personal Data
1. Consumers rely on businesses to keep their personal
information safe. Too few of those businesses are actively
protecting that data. Here’s what’s gone wrong, and how
businesses should be responding.
2. 87%
of the U.S. population can be uniquely identified using only
their gender, date of birth, and ZIP code. It’s not just the
most obvious types of PII, such as credit card numbers, that
require protection, according to the U.S. General Accounting Office.
3. BASIC DEFINITIONS
Know your sensitive data, and the definitions of
the data types to be protected.
Personally Identifiable Information (PII)
is the general term for “all about you”. PII can
include full name, address, email address, social
security or national identification number,
passport number, credit card numbers, date
of birth, birthplace, biometric information, and
medical data.
Protected Health Information (PHI)
includes an individual’s past, present, or future
physical or mental health conditions wherein the
data identifies the individual.
Personal Credit Information (PCI)
is any data related to financial credit, such as
information in an individual’s credit cards or
bank accounts, or the agencies that report on
payment history.
Intellectual Property (IP)
refers to creations of the mind, such as
inventions; literary and artistic works; designs;
and symbols, computer code, names, and images
used in commerce.
Compromised data can lead to identity theft, bank account access, and
other negative impacts to your customers and your business.
4. PII and other sensitive data are increasingly dispersed today,
with the rise of mobile computing, consumer
technology, and cloud computing.
5. 84% of business workers use email to send classified or confidential information: payroll, customer data, financial information, business plans, etc.
21% of files uploaded to cloud-based file sharing services contain sensitive PII. 7% of cloud data is PII.
By the end of 2016, more than 50% of the Global 1000 companies will store customer-sensitive data in the public cloud.
6. 31%
52%
20%
of all corporate data uploaded to the cloud is in a customer-relationship management application (CRM), and 6% of it is sensitive data.
of business users have lost an external or mobile device containing sensitive business or personal information.
of healthcare organizations, employees store PHI data on their computers; 41% of healthcare organizations admit to not adequately protecting endpoints.
7. The problem of dispersed PII is gaining momentum.
Data sprawl has resulted in a loss of data visibility,
causing many businesses to significantly increase
their risks — and to worry their customers.
8. 79%
of customers lose trust in a company
that experiences a breach involving
their PII.
10. The average organizational cost of a data breach
reached more than $6.3 million in 2015, an increase
of over $1M since 2013. — Ponemon
11. The list of nations with strict laws regulating the
processing of personal data is growing.
14. Despite increasing pressure on companies to show
compliance with global data privacy and other industry-
specific regulations (HIPAA, FINRA, GLBA, COPPA) that
apply to sensitive data, IT lacks confidence to address
these complex issues.
15. 44% of corporate data stored in cloud environments is not managed or controlled by the IT department.
51% of companies are confident that they can preserve data on mobile devices for litigation, regulatory, or investigative requirements.
In 2013, Barclays Bank was fined $3.75M after it was discovered the bank failed to keep critical records.
16. 26% of legal preservation requests now include mobile device data, an often manually complicated and error-prone process.
Insider and privilege misuse was responsible for 12% of IP theft.
17. Identify and Take Action Against Data Risks Across
Mobile and Distributed Data
Businesses can take steps to get
ahead of the risks and to reduce
their exposure.
18. Identify and locate sensitive personal data.
Centralize visibility of your data.
Find out who can access customer and employee data.
Implement secure technologies.
Retain data only as long as it’s needed.
Automate risk identification.
19. Druva’s converged data protection brings datacenter class availability and
governance to the mobile workforce. Druva’s inSync proactive compliance
solution delivers new, enhanced governance-related capabilities that equip
organizations to stay on top of their data, where it’s located and how it’s
handled, while at the same time ensuring the integrity of that data if its
authenticity is called into question during litigation.
20. The new enhanced data governance capabilities include:
DRUVA’S PROACTIVE
COMPLIANCE SOLUTION
21. Learn more about Druva’s
proactive compliance capabilities at
druva.com/proactivecompliance
23. SOURCES:
http://resources.ipswitchft.com/rs/ipswitch2/images/eBook%20-%20Are%20employees%20putting%20your%20company%27s%20data%20at%20risk.pdf
https://www.netskope.com/blog/netskope-cloud-report-look-compromised-credentials - Gartner, June 2015
https://www.skyhighnetworks.com/cloud-university/is-the-cloud-secure/
Brief: Stolen and Lost Devices Are Putting Personal Healthcare Information at Risk: It’s Time for Healthcare CISOs to Close the Faucet of Data Loss from Endpoints - Forrester, 2015
http://www.darkreading.com/attacks-and-breaches/sony-data-breach-cleanup-to-cost-$171-million/d/d-id/1097898?
http://www.oracle.com/us/corporate/profit/big-ideas/010312-data-1917731.html
http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
http://www.csrps.com/faqs-0
http://www.visionpayments.com/faq/personally-identifiable-information/
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
http://www.tomsguide.com/us/target-neiman-marcus-data-breach-faq,news-18199.html
http://www.eweek.com/security/personal-information-on-enterprise-devices-carries-security-risks.html
http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_2012_webversion.pdf
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks
http://www.bbc.com/news/business-25525621
http://blogs.wsj.com/cio/2015/07/10/the-morning-download-outdated-tech-infrastructure-led-to-massive-opm-breach/
Verizon 2015 Data Breach Investigations Report, Intellectual Property Theft