Garland Group Blog

Archive for April, 2010

Protecting Your Customer’s Personal Data

The Community April 27th, 2010

Sixty percent (60%) of organizations surveyed acknowledge that data loss is a recurring problem, according to Accenture’s study on “How Global Organizations Approach the Challenge of Protecting Personal Data.” The study reminds us that “data privacy and protection shortcomings can do irreparable harm to companies’ balance sheets, not to mention their brands, credibility and customer trust and relationships.” We’ve seen this; some of us have experienced it. This knowledge, however, should not paralyze us but galvanize us into action to create programs and security initiatives that create a culture of security and protect our customers’ personal data, daily. We need to ensure that we are in continuous compliance with data privacy laws. We owe it to our customers, we owe it to our board members and we owe it to ourselves.

The study goes on to say that “Fifty-eight percent (58%) of organizations surveyed have experienced at least one data security breach over the past two years, however 73 percent said their organization has adequate policies to protect the personally identifiable information (PII) it maintains.”

These figures make one thing very apparent. Organizations do not have adequate policies to protect PII. Then again, perhaps my adequate and their adequate are not the same thing. Adequate to me compels an organization to have continuous security programs in place, not just when the auditors are knocking. Another key finding showed that the biggest causes of data loss are internal. How then can organizations claim to have “adequate controls” when a big part of the problem lies within? Forty-eight percent (48%) attributed data loss to employee negligence, while fifty-seven percent (57%) blamed business or system failure.

Information silos breed proprietary information and can lead to fraudulent activity. Collaboration, however, promotes visibility and transparency, allowing organizations to better protect data. Seems to me that we still have a lot of work to do to create more data transparency and a culture of security within our organizations.

Do read the entire study; it is quite revealing.

 

It’s Only a Matter of Time

Henry Garland April 26th, 2010

To those of you who have known me for many years, you will realize that this post is not intended to be an ego-centric or promotional note…. That’s just not how I roll. In my opinion, competition is healthy and necessary in EVERY business.

So why the disclaimer? Well, I am getting more and more concerned that some of my good friends in the banking arena are making decisions in the compliance area, SOLELY based on cost. We are seeing a growing number of Banks make critical security and compliance decisions based on “getting it done” cheaper. I KNOW most Banks are struggling to show an increased ROI and ROE which may be down from the last few years. Many of these Banks have compensation plans that tie directly to profitability and some executives have seen their personal bonuses reduced CONSIDERABLY. I understand the pain, but I also understand the potential of these cost reduction pressures getting in the way of making critical decisions.

It’s my opinion that making ANY decision based on the cost alone can have devastating reputational consequences. It does not matter what area of compliance you are considering, if you are looking at cost alone, it’s only a matter of time before SOMEONE gets compromised. Audit and compliance happen to be areas where a vendor can put a nice proposal together that “says” you are covering ALL the areas, but none of them go into detail as to the actual due diligence that’s to be performed. Frankly, in the technology area, most banks don’t have the expertise to understand the difference.

Here at The Garland Group, we have discussed SEVERAL times coming up with a “lite” version of our Technology audit, but we always come back to one thing. Would you be OK with a “lite” version of the audit if you had the primary responsibility to make the right decision as a member of the Board? Just ask yourself: What is taking the cheap route going to “cost” me in reputational risk, security, and more?

Thanks for letting me get that off my chest, and thanks for reading this.

Collaboration is about Communication Styles

Brad April 16th, 2010

Have you ever heard of a DiSC assessment? It’s a test that gives you insight into your communication style. Through our HR company we recently all took the test and sat down for a training/analysis session to talk about the different styles and what it means to us. Here’s a crash course on the different communication styles:

  • Dominance – relating to control, power and assertiveness
  • Influence – relating to social situations and communication
  • Steadiness – relating to patience, persistence, and thoughtfulness
  • Conscientiousness (or caution) – relating to structure and organization

Now, of course, we all have a blend of these but you generally have one or two primary traits. For example, I was a ‘Di’ (big-D little-i). It was really great to be able to better understand why someone communicates the way they do and how you can cater to their style to get to common ground. Every day, we all are constantly adapting to the person we’re interacting with in what I visualize as a communication dance. Our group also started thinking about how our company as a whole conveys a certain style (the consensus was we’re very forward thinking but process oriented). Our clients have a style, too! Some clients are direct, straightforward and get right down to business. Others would rather have more casual conversations. If possible, I’d highly encourage your department or organization to take the DiSC assessment; it was an enlightening experience for our team.

Webinar – Enterprise Risk Management

Brad April 5th, 2010

Thanks to all that were able to attend our webinar last Friday on Enterprise Risk Management: Strategies for Your Organization. Also thanks to our speakers Denis O’Neil and Mary White of WTC Performance Group for covering such a relevant topic.

Our webinar series falls on the 1st Friday of each month and next month (May 7th @ 11am CST) we will be discussing ‘Examiners Hot Security Topics for 2010’ so it should be a great topic as well.

If you are wanting the slides for the presentation, you can download the PDF of those here. Thanks everyone!