Identifying and Protecting Data Within Your Organization is a Moving Target

Written by Doug Austin, Editor of eDiscovery Today

Organizations have a lot to contend with regarding their data these days. Data is more sensitive than ever, due to ever-changing data privacy laws. Yet, it’s also under siege more than ever with an increasing number of cyberattacks every year.

But perhaps the biggest challenge is that identifying and protecting that sensitive data is a moving target. Why? Because data doesn’t stand still.

Stakes are Higher Than Ever for Protecting Sensitive Data

Since the General Data Protection Regulation (GDPR) went into effect in May 2018, the stakes for protecting personal data have grown considerably. Add to that US state laws in California, with the California Consumer Privacy Act (CCPA) and its replacement the California Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA) and the Utah Consumer Privacy Act (UCPA) (which was just signed last week).

While there are similarities between the various state laws to date, there are differences between each as well. All the state laws except the CCPA have been signed into law in the past 18 months. With 46 states still without a comprehensive data privacy law, expect to see many more state laws passed in the next few years (absent a federal law).

As a result, the stakes for protecting sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI) and Payment Card Industry (PCI) data continue to increase, and the requirements continue to change.

Threats Against Sensitive Data Continue to Increase

While the stakes are higher for protecting data, the threats to that data continue to escalate too. Here are a few statistics from the Identity Theft Resource Center (ITRC) 2021 Data Breach Annual Report released back in January:

  • In 2021, there were more data compromises reported in the US than in any year since the first state data breach notice law became effective in 2003.
  • The overall number of data compromises (1,862) was up 68% over 2020; the new record number of data compromises was 23% over the previous all-time high (1,506).
  • Ransomware-related data breaches have doubled in each of the past two years.
  • There were more cyberattack–related data compromises (1,613) in 2021 than all data compromises in 2020 (1,108).

2.5 Quintillion Bytes of Data Created Every Day (At Least)

Back in 2018, Forbes reported that there are 2.5 quintillion bytes of data created each day. However, it also noted that the pace is accelerating with the growth of the Internet of Things (IoT) device data. Of course, in 2018, the use of collaboration apps wasn’t near as prevalent as it is today with many more remote workers due to the pandemic. So, the amount of data created each day is certainly higher than it was back then – probably a lot higher.

That’s what I mean about the sensitive data being a moving target – because more of it is being created every day in your organization.


So, with the stakes and threats to protecting sensitive data higher than ever and more of it continuing to be created daily, what do you do?

You leverage technology, including AI-based automatic classification algorithms to identify key sensitive information (including personal information) on a continuous basis. With so much data coming into your organization daily, how else are you going to keep up? Data grows so fast that organizations have no choice but to leverage AI technology to help identify and protect their growing collection of sensitive data.

And for more educational topics from me related to eDiscovery, information governance, cybersecurity and data privacy, feel free to follow my blog, eDiscovery Today!