Top 11 privacy trends for 2011 - 6. Increased investment - Ernst & Young - Global


Summary: Organizations understand the significance of data protection. They are increasing their investment around personal information, in part because of regulation, but also because of increasing risks.

In 2011 we will see an increase in privacy and data protection investments that will focus on two issues:

  1. Program initiatives
  2. Technical controls

Organizations will once again review their governance structure through a privacy and security lens.

They will:

  • Launch new privacy programs, including:
    • updated policies
    • new procedures
    • awareness programs
  • Recruit talent accordingly

Reacting to the global economic downturn, many organizations reduced compliance and risk management positions.

Reinvesting in data loss prevention

As organizations start to rebound economically, and as privacy risks increase, organizations will start to re-invest in related positions. The increased use of tools to protect privacy, such as data loss prevention (DLP) solutions, will also require appropriate staffing to monitor and respond to technology alerts.

In terms of technical controls, 2011 promises more spending in this area as organizations rely more heavily on controls to manage personal information.

In addition to the GRC and DLP technologies mentioned in previous sections, organizations will continue to invest in internal monitoring solutions to monitor inappropriate activity by insiders who use — and may be abusing — personal information.


Good care depends on patient/doctor confidentiality

In health care, privacy goes back thousands of years to the Hippocratic Oath. The health care profession realized, even then, that the ability to provide care to individuals requires that the interactions between physician and patient remain confidential.

Privacy enables trust, and trust is at the core of providing care. If that trust is absent, there can be negative consequences to the health of a patient, as they may not seek the treatment they need.

Once privacy is breached, trust is eroded

Unlike breaches in other industries, where you may be able to reimburse an individual after a breach, it is not possible to compensate an individual for an irreversible breach of their privacy.

Trust is eroded.

Historically, the health care industry’s focus has been on regulatory compliance. The notion of security as a discipline that is separate from compliance is still relatively new.

But as health care increasingly relies on technology as a means of providing care, security needs to mean more than basic guidelines on password length and not inappropriately sharing information.

The growing reliance on technology exposes the health care industry to new threats that go beyond those that have traditionally been a concern to health care.

“New and rapidly evolving technologies have also increased the stakes in that a breach may now involve thousands of records,” says Patrick Heim, Chief Information Security Officer, Kaiser Permanente. “Continuously adapting to changing threats and evolving technologies to manage risk and ensure patient privacy is the challenge we face in health care.”


Three ways to stay on top of data loss prevention investments
  1. Assess your budget needs in light of the evolving risk and compliance landscape.
  2. Review the necessary positions for effective governance over your privacy and data protection activities.
  3. Consult with your organization’s privacy professionals regarding the investment in technology to monitor the use (and possible abuse) of personal information.

