As seen in the media, breaches resulting in data exfiltration and inaccessible data due to ransomware are forms of data loss that are fodder for sensational news. Impacts can include tarnished reputations, loss of clients and revenue, contract penalties, regulator sanctions and a decrease in market capitalization. Although less widely publicized, other forms of data liability can be just as damaging as those caused by data loss and occur in organizations every day.
As we discussed in Part 1 of this series, full data liability addresses the tangible and intangible damages caused not only by data loss but also by failures to ensure appropriate use, sharing, quality and integrity of data.
Let’s review a break-down of these concepts.
1) Data Loss – This is the most cited form of data liability and includes physical loss, unauthorized exfiltration or inability to access data. Loss threats can come from natural hazards, accidents, or deliberate actions. Deliberate threats are villainous, premeditated actions of theft or harm from internal or external actors and are the most publicized. Accidental data loss is actually quite common, frequent, but often goes unnoticed. Regardless of the cause, regulatory sanctions and other consequences are on the rise.
Data loss in the news:
2) Using Data – Access to data needs to be limited to those that have a need to know or perform duties, particularly for sensitive data about individuals or intellectual property. An intrinsic characteristic of data is the potential to be used to generate more opportunities than just for the intended process at hand. This has led to the collection of data that is not required for the process at hand but to be used for other purposes.
Using data for purposes other than what the owner (individual) understood it to be used for is increasingly no longer acceptable.
Inappropriate data usage in the news:
3) Sharing Data – Organizations share data externally for various legitimate purposes including collaboration, customer service, supply chain dependencies, research, marketing. Organizations are responsible not just for secure transmission of data, but often what happens to it after it has been delivered to the receiving party, which is difficult if not impossible to control.
Another form of sharing data is selling it to others that may use it for their own benefit. Liabilities associated with selling include the right to sell and sharing the burden of resultant damages.
Data sharing in the news:
4) Data Quality – Data quality addresses whether data is fit for its intended uses. Data quality is more than just accuracy and includes attributes such as relevance and timeliness. Poor data quality leads to incorrect decisions, misleading results and wasted resources among other negative outcomes.
Data quality in context:
5) Data Integrity - Data integrity has become expected and more crucial than ever before. Data must be pristine, unchanged, traceable and must represent what it is intended to represent. The design, implementation and operation of systems and procedures which store, process, retrieve and exchange data must ensure integrity of the data it maintains. A concern that is more difficult to control is the integrity of data when it is distributed outside the system of record where it can be unintentionally or purposely changed or corrupted.
Data integrity in context:
When organizations fail to ensure protection and the proper use, sharing, quality and integrity of their data, they put the value of their data assets at risk. As the volume, complexity and access of data increases, so do the potential exposures for adverse events. As exposure to liabilities go up, it jeopardizes the potential net value of data as an asset.
Next Blog: Data Liability – A Brief History of Data Liability
About the authors:
Zach Slayton is a Founding Partner of Triverus Consulting with over 20 years of experience delivering value to business through technology.
Carl Ascenzo is a Vice President at Triverus Consulting. His career includes leadership positions as a developer, investor, consultant and corporate customer whose current focus is on helping organizations mitigate the severe consequences of data liability.