The weak economy means businesses are cutting costs just to survive the downturn. That means that extra money that may have been spent on data security or the protection of personal information may be overlooked when compared to other expenses that a business needs to incur.
One of the ongoing struggles that privacy professionals around the world endure, particularly privacy officers, is convincing senior management in organizations that the management and security of personal information is extremely important. I have personally worked for two organizations where I encountered the same hurdle.
The longer a company retains data, the more of a liability it becomes.
And now, as if senior management wasn’t hard enough to convince before, it has become more difficult since businesses lack finances to adequately manage and safeguard your data, especially if businesses are not yet complaint with privacy legislation.
When Companies Fold, What Happens to your Data?
“Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they’ve gone out of business and left those offices,” says Jacqueline Klosek, a senior counsel in Goodwin Procter’s Business Law Department and a member of its Intellectual Property Group.
That’s a scary thought.
If a company goes bankrupt, its storage devices are also usually sold to competitors “specifically with the intention of trying to salvage the data.”
In addition, when businesses are in the process of going bust, protecting their data may be one of their last concerns.
“When a company fails there is less concern about fines for non-compliance when there is no one left to pay the fines,” says John Gunn, general manager at Aladdin Knowledge Systems North America.
After all, if there’s no money, no employees, and no company left, who is left to bear the costs and shame of a privacy breach?