Companies are considered data obese when they possess unneeded data which is collected, created and mismanaged by the enterprise in the course of the business. Data obesity is the result of poor data management in many stages of the data lifecycle. For example, a company may collect excessive amount of data from clients and other sources, or the company may not have data retention policies leading to excess data maintained in the databases. Often, with careless data collection and retention comes careless data protection which eventually results in data theft and non-compliance with regulations.
Companies which possess less private data have a lower risk of enterprise data theft even in the face of growing system access breach cases. Private data refers to the information which is non public information whether personal or business information.
Businesses become data obese because they become careless over time about their business practices and overlook the amount of information that they collect, create and manage in their business operations. This lax business environment eventually leads to data obesity because businesses fell asleep during the course of their business and suddenly awaken when high profile data breach cases are announced, new regulations are introduced, and existing regulations are enforced.
We introduced identity obesity in the past which was a term used to refer to people who collect, share and maintain more personal information than they really need to function in the society. Identity obese people tend to own more credit cards, fill out excessive number of forms online which collect personal information, and share more personal information in social networking websites.
As people collect, share, and mismanage more personal information than needed, they place themselves in a very high risk of identity theft and therefore we determined that identity obese people need to first identify in which areas of their lives may be identity obese and then assess what actions they need to take to reduce their identity obesity level.
Similarly, companies which collect or create excessive and unnecessary amount of information, and then mismanage the information are also called data obese because they possess more mismanaged and unprotected information than they need to conduct business but even if of excess data is well protected and managed, it is not without extra costs and additional risks.
In order to a function in the current highly regulated environment, companies must be mindful of the amount, type, and transmission mode of the data they collect and share. Businesses must also be mindful of the level of protection they place around stored data including data or hardware encryption as well as access controls.
Being data obese has many consequences for companies such as high cost of data protection, regulatory compliance, and risk assessment before and after system breach cases. Regardless, of the cost and consequences, data obesity can be prevented when companies pay close attention to their business operations and are mindful of how much unneeded information they collect, share, and retain. In the long run, this is the best approach to lower data risks and costs associated with data management.