"The time has come to create an exit strategy for the management of personal data. Strategic planning leaders will want to move away from storing and processing personal data in the next five years."
According to the research firm, organisations have usually been the target of security threats, with hackers going after vulnerable IT infrastructure. Improving protection for that infrastructure would shift hackers’ attention to softer targets, including employees, contract workers, customers, citizens and patients.
"The PCI Data Security Standard (DSS) requires the implementation of stringent controls of those who collect and store credit card data," Casper added.
"In response, many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider.
"The same could happen with personal data. If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialised ‘personal-data processor’."
The research firm has advised firms to draw a clear line between personal and non-personal data and to place the personal data within a fence.
Organisations are also advised to support purpose-built applications over general-purpose ones and to adhere to existing privacy standards or develop their own.
This article is from the CBROnline archive: some formatting and images may not be present.