A Wake-Up Call for Retailers on Data Privacy and Security Compliance
Access to large amounts of data has transformed the way retailers operate. Analytics provide incredibly valuable insights into customer preferences, market trends, supply chain activities and much more. However, growing data privacy and security compliance requirements pose challenges, and new research suggests retailers are struggling to meet those challenges.
A report from leading industry analyst firm Aberdeen suggests that enterprises, including retail organizations, are more acutely aware of data compliance requirements than they used to be, but too many aren’t currently in compliance. The report, Enterprise Data in 2018: The State of Privacy and Security Compliance, should serve as a wake-up call to retailers.
Derek Brink, vice president and research fellow in information security and IT GRC at Aberdeen, authored the report, which is based on a survey of more than 360 enterprises, including retailers. Brink describes the current state of privacy and security compliance as “exceedingly complex, surprisingly immature and disappointingly ineffective.” As a result, he concludes that enterprise leaders should consider new data integration and management strategies.
The report notes that ensuring data privacy and security used to be much simpler — companies denied access by default and granted it in rare exceptions. But modern business operations require a freer flow of information. Of the 360 organizations surveyed, 100 percent reported that they deal with at least one type of data and one data-related process that are subject to privacy and security compliance requirements. Furthermore, 86 percent said they handle multiple types of data and processes.
Survey participants said they were three times as likely to see increases in the total number of compliance requirements as decreases. The growing complexity involved in ensuring data privacy and security results from increased public demand. With hacking and identity theft on the rise, it’s understandable that people are looking for more protection.
The study suggests that enterprise data practices aren’t keeping pace with demand for protection. Many of the data privacy and security regulations businesses struggle with today have been in effect for years, but when the Aberdeen team surveyed compliance related to 11 common regulations and frameworks, they found that only 61 percent of companies had achieved full compliance.
Fewer than half of surveyed organizations reported that they use the most effective data privacy and security practices. The study measured maturity across each phase of an enterprise’s processes for integrating and managing data. Researchers found that no surveyed organization scored its enterprise data initiatives higher than 30 percent for maturity across its data life cycle, with 50 percent or higher being the threshold for strong maturity in data integration and management practices. These practices play a pivotal role in achieving and maintaining compliance with enterprise data security and privacy regulations.
The current state of compliance might not be so alarming if the measures in place now were working well and improvements were ongoing, but the report found that this isn’t necessarily the case. In fact, the study indicates the opposite — most organizations aren't fully compliant, and they aren’t fully secure despite having made significant investments in data privacy and security compliance.
Over a 12-month period, approximately 75 percent of surveyed organizations had experienced at least one data noncompliance issue, and 58 percent had experienced a data breach. Those are disappointing results considering that companies make a median investment of about 30 percent of the overall IT operations budget to achieve compliance with data privacy and security requirements.
So, what are the choices for retailers that are looking for a better way to handle data privacy and security compliance? Brink, the author of the Aberdeen report, offered this recommendation: “Given the complexity, costs and consequences, the current state of compliance for your enterprise data makes a compelling case for considering the use of third-party solution providers for integrating and managing your data and data-related processes.”
Specifically, Brink noted in the report, “organizations should consider solution providers that have the focus, specialized expertise, and platform to sustain data compliance activities for data privacy and security across all of the key elements of the enterprise data life cycle.”
The compliance burden is growing, so retailers that want to stay ahead of the curve should consider offloading compliance to a partner that can handle all of their data integration and management needs. Outsourcing compliance can enable retailers to not only gain peace of mind on the regulations front, but also redirect their scarce IT resources toward digital transformation. The Aberdeen report is a wake-up call, but it’s also the sound of opportunity knocking.
Dave Heflin is a strategic account executive with Liaison Technologies, a company that provides integration and data management solutions to help customers unlock the power of a data-centric approach to their business.
Dave Heflin is a strategic account executive with Liaison Technologies. He has been with the company for almost seven years selling data integration, data security and data management solutions, including the Liaison ALLOY® Platform. Before joining Liaison, Dave worked for what is now SAP Ariba and focused on selling integration and spend management solutions for companies looking to execute eCommerce electronically. For the past 26 years, Dave has served as a commissioned Officer in either the active U.S. Army or U.S. Army Reserves, and currently holds the rank of Colonel.