Image by: rkankaro, ©2017 Getty Images

    Every day, we are hit with more news alerts about data breaches, systems being hacked, and all kinds of implications that the weakest link in the information ecosystem is the technology. Yet, for many businesses, this is not the case.

    In a recent AIIM study focused on the European Union (EU) General Data Protection Regulation (GDPR) titled “Understanding GDPR Readiness in 2017,” the primary reasons cited for data loss and exposure were staff negligence or bad practices, not technology or hacking; sixteen percent of our respondents reported internal or human resources (HR) incidents due to unauthorized access. The result of these breaches is the exposure or loss of personally identifiable information (PII) on employees, customers, or citizens.

    In a recent AIIM study, respondents were asked if their organization had suffered any of the above incidents in the last 12 months.
    Source: AIIM Study "Understanding GDPR Readiness in 2017."

    Consider This

    It would be easy to say that technology is at fault and place the blame at the feet of the suppliers, expecting them to take the hit, but the reality is that security and data protection are the responsibility of the corporation that holds the data. As the GDPR study shows, it is human negligence and bad practices that are to blame for a lot of the data loss and exposure in many businesses.

    This is where a strong governance framework, supported by improved and automated business practices, can minimize and even eliminate much of this—or certainly provide greater insight as to the potential risk and allow for better and faster mitigation.

    In My View

    It’s time to look inside, take responsibility, and hold employees accountable for the protection and security of sensitive data of all types. Technology alone is not the answer. Data protection requires a holistic approach combining people, process, governance, security, and technology. Education, communication, and training are mandatory on a recurring basis to reinforce the policies, procedures, and technology training used to protect data resources. Don’t play the blame game.

    Bob Larrivee is Vice President and Chief Analyst of Market Intelligence at AIIM and an internationally recognized subject matter expert and thought leader with over 30 years of experience in the fields of information and process management. Follow him on Twitter @BobLarrivee.