Who has responsibility for preventing security and privacy breaches?
Friedland: “The chief information security officer (CISO) or head of the data governance office is usually responsible for identifying and securing personally-identifying “data at risk.” That said, privacy legislation in effect for various industries (like HIPAA for healthcare) may hold higher level executives accountable for non-compliance, and it they don’t, shareholders reeling from lawsuit and remediation expenses ultimately will. For these reasons, it is important that companies not only take steps to protect data at rest and in motion (preferably at the source), but that their tools provide an audit trail so compliance activities can be specifically verified.
