Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Risk ManagementInternal CXO Relationships
449 viewscircle icon4 Comments
Sort by:
Chief Risk Officer10 months ago

Businesses need to recognize that data can quickly become a liability when it’s outdated or improperly managed. Clear communication about the risks—like compliance costs and potential breaches—can help. Interestingly, the current regulatory landscape is pushing us to reevaluate data value, making it easier to identify when it becomes more of a burden than a benefit.

Lightbulb on3
Director of IT10 months ago

Yes, I think you have to express in numbers how much is the cost of having that data. I believe is a good parameter that allows the business a better understanding of the situation. Here at the SBS, we have some regulatory that indicates us how long we must have the data. After that period, is a decision of the business if we want to maintain that data longer.

CISO/CPO & Adjunct Law Professor in Finance (non-banking)10 months ago

If there isn't a business reason to retain certain data, it should not be kept, as it then becomes a liability. This isn't just a broad liability but also an expensive one. Some AI projects can be funded simply by identifying and eliminating old or stale data. The current regulatory landscape mandates that businesses know what data they possess and comply with relevant regulations. These rules vary depending on the jurisdictions in which the business operates, which means compliance and privacy officers are crucial in managing this aspect.

CISO10 months ago

Sometimes, contractual requirements may necessitate retaining data for longer periods. Reflecting on my experience at Experian, where we faced numerous lawsuits and class actions, we had a forensic team dedicated solely to discovery responses. The data we retained never served to protect the company; instead, it often resulted in harm. Therefore, it is beneficial to delete data as soon as possible, as this reduces liability and shrinks the attack surface, making it harder for data to be stolen. However, it is essential to understand the relevant regulations and contractual obligations. This understanding will guide the development of retention schedules, which should be consistently applied across the organization. In one instance, inconsistency in data retention practices among business units led to legal complications. Maintaining consistency in data retention policies is crucial.

Content you might like

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results

How do you manage risk with contractors in your supply chain?

Keep hard copies and file paperwork13%

Update spreadsheets to create reports44%

Use a digital supply chain management solution27%

Partner with a third-party vendor11%

Other (comment below)3%

View Results

How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?

Read More Comments

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?