Focuses on firms’ data security practices and policies, as well as on privacy policies and practices related to customer data.

Data security and privacy are major issues in the era of big data. Data security threats can expose customer, business, and personal information. Security-related events can lead to significant monetary costs, legal liabilities, reputational impacts, and competitive threats. As there are as of yet no comprehensive legal and technical standards, firms interested in minimizing and mitigating these threats need to rely on best practices derived from industry standards, federal agencies, and lessons learned from the myriad of recent data breaches. Ideally, organizations should be able to understand and define the sensitive data they work with, while employing real-time masking and security policies to protect said data.

Sensitive information and personally identifiable information serve as the focal points of concern over privacy. Data privacy issues surround healthcare records, criminal justice investigations and proceedings, financial institutions and transactions, biological traits including genetic material, residential and geographical records, ethnicity, and geolocation. This sensitive information can be prevented from being disclosed by being masked, or de-identified in databases, applications, and reports across the enterprise. In the United States data security is a legal frontier: no comprehensive law for data security or customer privacy currently exists. Information privacy is regulated and enforced far more actively in the European Union through the Data Protection Directive and forthcoming General Data Protection Regulation.