MBA Research

Trend #20: Information Use, Protection, and Retention

Business Trend

This month’s trend is about information use, protection, and retention.

Workplace Implications

Businesses are repositories of sensitive data. As such, they are responsible for storing, protecting, and ethically using the private or personally identifiable information they collect. Unfortunately, they are prime targets of hackers—just ask Target, Neiman Marcus, J.P. Morgan Chase, Premera Blue Cross insurance, etc.

As digital traffic increases, the threat to data security also increases. The increased use of cloud technology, mobile devices, and social media and the ability of employees to work remotely hamper businesses’ ability to protect data.

At the same time, businesses are attempting to reduce their information technology costs by adopting bring-your-own-devices (BYOD) policies. This forces companies to grapple with how to manage the risks associated with reduced control of configuration settings and installed software applications.

Escalating data breaches are increasing in scale, frequency, and ultimate cost to businesses and to the U.S. economy. As a result, regulatory scrutiny has grown, and additional resources have been allocated to address the issue.

Managers in this environment must continually evaluate data security policies to determine whether the policies best suit their business’s risks, needs and priorities while meeting applicable regulations. This trend is creating demand for qualified workers who can navigate the rules and work with technology.

Classroom Implications

Students need to understand the different classifications of information (e.g., personally identifiable, sensitive, private) and the importance of protecting that information from unlawful or unethical disclosure. Teachers may want to use case studies to explore the long-lasting damage that can occur to individuals’ financial, physical, and mental health when they become victims of identity theft. Likewise, they can discuss the impact that hacked data is having on businesses.

Students should be made aware of the ease with which information can be compromised through lost or insecure mobile devices or social media use. Schemes used by hackers, fraudsters, and other wrongdoers to obtain sensitive information should also be discussed (e.g., fake password reset emails, fake subpoenas requesting information disclosures). These techniques should be related to policies that businesses often implement to protect themselves. The importance of complying with company information privacy and security policies even when they seem inconvenient should also be emphasized.