Majority organisations will store sensitive information on IT systems that they do not own or control by 2019, according to the latest research.
Gartner’s report revealed that 90% organisations will employ external service providers for storing personal and business information by 2019.
Gartner research VP Carsten Casper said as the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target.
"And, yet in most scenarios the organisation is still ultimately accountable for the personal data on its IT systems," Casper said.
"The time has come to create an exit strategy for the management of personal data. Strategic planning leaders will want to move away from storing and processing personal data in the next five years."
According to the research firm, organisations have usually been the target of security threats, with hackers targeting vulnerable IT infrastructure, while improving protection for such infrastructure would shift hackers’ attention to softer targets including employees, contract workers, customers, citizens and patients.
"The PCI Data Security Standard (DSS) requires the implementation of stringent controls of those who collect and store credit card data," Casper added.
"In response, many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider.
"The same could happen with personal data. If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialised ‘personal-data processor’."
The research firm has advised firms to create clear description between personal and non-personal data and place the personal data within a fence.
Organisations are also recommended to support purpose-built applications over general-purpose and stick on to privacy standards or develop own standards.
