The landscape of information risk in Canada is congruent with the risk governance posture across North America. With a per-record data breach cost of $204 and billions of records compromised over the past 8 years, organizations are at last focusing their efforts on preventative measures and tighter adherence to compliance standards.
“Managing Personal Information” addresses the prime concerns of executives who value the protection of privacy and seek to derive a calculable return on investment from risk-based initiatives. The book’s official site includes quotes from the authors, a select group of the industry’s foremost professionals and trusted advisors.
To date, 40% of IT & compliance professionals are reportedly pessimistic about the future and a whopping 70% of managers do not report top risk exposures to the board of directors. “Managing Personal Information” was created to educate managers, executives and their advisors about ways to handle everything from data protection to quantified risk exposure.
Primary author and security expert Claudiu Popa says, “According to a recent Ponemon study, the average business disruption as a result of non-compliance is $3.3 million. That’s a cost of remediation almost 3 times higher than standard compliance figures and represents an average of $222/employee, an amount that could be spent on any other number of things.”
“By and large, the consensus over the last few years has been, at least according to 68% of enterprises, that organizations are storing too much personally identifiable information to protect adequately, but the cost of non-compliance seems to suggest otherwise.” According to recent Verizon and PRC data, CEOs see compliance and risk costs as the #1 factor influencing profitability.
With 1/3 of organizations falling out of compliance with PCI-DSS and 77% failing to identify a chief risk officer or equivalent, the need for a calculable return on investment from risk-based initiatives is paramount. “Managing Personal Information” includes readily applicable guidance on changing ‘the tone at the top’ and seeing privacy and security risk as an investment in the organization’s most important asset: information.
With 66% of boards and executives not having adequate visibility into information risk, this book seeks to empower managers and directors to understand the exposures, quantify the impact and initiate privacy and security activities that implement effective, mature controls that deliver in the near term as well as the long.
The publication was designed to boost data risk governance maturity in Canada and provides exclusive new content along with a foreword by the Ontario Information and Privacy Commissioner, Ann Cavoukian. Included are operational risk and data protection concepts ranging from vendor management, identity theft and incident management to a new enterprise risk assessment primer, methods of re-engineering privacy into organizations and templated resources for quick reference.