Finding The Hidden InfoSec Story

Data Hoarders

Ever watched the TV programme “Hoarders” where they show the house of a hoarder who keeps everything?

This is either because they have a collecting bug, or need to keep things for a rainy day. Whatever the reason, they don’t get rid of things and just keep their stuff until it becomes a problem. The house is piled high with newspapers, magazines, out-of-date tins and all sorts of things that have often become unrecognisable or unusable.

Those sent in to clean out the house often have to wear fumigation masks and struggle to make their way through the unpleasant and inhospitable surroundings. There are often rats and mice hidden in all the stuff, chewing their way through, making everything unusable and the house an unpleasant place. The hoarder can’t find or use much of what they have because it is piled up in the house and it is impossible to find anything.

Still, the hoarders keep collecting stuff and find it impossible to let go of what they have. Unless their hoarding tendency is addressed, sorting out their house often just reminds them of what they have, and they still struggle to let it go and gain control of everything they own.

Now think about the modern organisation. If we were to take all the data and digital information and represent it physically, would it look like a nice tidy house or more like a data hoarder’s house? The reality is that for many organisations the second scenario would be true. Most organisations keep data in case it might be useful, because we don’t really have any control over it or because it’s piled so high that we can’t distinguish the important information from the noise. The lack of data governance is underlined by the studies undertaken by IDC for EMC looking at the size of the digital universe. In 2013 we stored 4.4 Zettabytes of data and by 2020 that is predicted to have grown tenfold to 44 Zettabytes. 43% of that data needs protection but over half of that data is not protected, probably because the business can’t sort through the piles of data to sort the crown jewels from the costume jewellery. How do we know that we have proper control of our data? How do we know that we are protecting and controlling our sensitive data appropriately?

Data governance has been core to information security and management best practice for years and yet many organisations have still not implemented it properly. This is borne out by Symantec’s own State of European Data Privacy Survey where 9 out of 10 of the businesses surveyed have concerns about their ability to become compliant with the General Data Protection Regulation (GDPR).

This creates a major challenge in running the modern data-driven business, something that is exacerbated as we move to the cloud. If we don’t gain an understanding and control of our data and tidy the house as we move to the cloud, then we are in danger of turning our data hoarder’s house into a palace. It will soon be Gormenghast in its complexity, with the unmanageability that comes from the uncontrolled growth of data. We need to understand and control our data, ensuring that we are managing the risk to its use and control. This is core to the updates to privacy regulations that we are seeing across the globe, including the new GDPR.

At the core of the framework for all privacy law is understanding the collection of personal data, ensuring that we maintain the quality of data, only use it for correct purposes, provide safeguards on its security and are accountable for how we treat and manage it. We need to control and manage data in a pragmatic way that allows us to protect it from loss and abuse and, when it includes sensitive personal data, to ensure that we are protecting the individuals whose data we collect.

If we get data governance and control correct we don’t need to be too concerned with emerging regulations such as the EU GDPR. The core of these is that we take data seriously, ensure that we have permission to use personal data and are suitably accountable for its protection and use. We need to be more like Marie Kondo than the data hoarder: knowing where our information is, how it’s being used, only keeping that which we need and regularly tidying our house so that we can find and protect sensitive personal data. This theme is developed further in my “tidy data for a tidy company” blog, which covers the idea of controlling your data by category rather than location. It is better to sort the newspapers first and then the salmon tins, or to focus on sensitive personal data first and then other important types of data such as intellectual property.

Author: Siân John

