LEVICK Risk and Business Strategy | August 31st, 2016
Data Protection and Control

Digital risk exposure is far greater than most companies appreciate.
The implications – both immediate and long-term – can have far-ranging consequences for productivity, competitiveness, intellectual property, and brand confidence. To effectively manage these risks, it is crucial that companies develop a coherent understanding of exactly how much control they have over the data they steward. Only when this knowledge of control is firmly established can a company devise plans for mitigating any potential crises resulting from a data breach.
Loss of total control over your data begins at the moment of digitization. After digitization, control over data diminishes with every additional node through which it travels – every additional employee and third party that has access to the data increases its vulnerability.  Third parties – contractors, service providers, and clients – are susceptible to the exact same kinds of insider threats faced by companies and governments. Performing thorough due diligence on all your partners is critical for extending as much control as possible across all external points of vulnerability.
Any employee can steal information, but it is not until he or she gives that information to someone on the outside that a breach has truly occurred. Your data is gone as soon as you lose it, and you will be unable to stop whoever took it from continuing to possess it or using it as they see fit. Companies, governments, and individuals should map out the contours of their control, identifying all possible holes in their digital and human walls, monitor and patch those areas of vulnerability where possible, and develop contingency plans to mitigate fallout if a breach does occur.
It is relatively easy to defend your data through technical means, but the more difficult element is people – data encryption means nothing if someone on the inside hands over the key to someone who is not authorized to have it. The good news is that employers can exercise a great deal of influence over the behaviors of their employees. Employees can easily be taught to recognize, deflect, and report suspicious questions from outsiders that might divulge methods of accessing your data, and standard operating procedures can ensure that an employee™’s data access is abrogated upon departure from the company.
Even with every known potential vulnerability clearly mapped, the way one does business must always be subject to the principle that what is recorded in the digital space in ‘private’ may at some point be divulged in ways or spaces not currently predicable. Whether by leak, FOIA request, or litigation discovery, your information can be removed at any moment from the confines of your control. Every communication transmitted through email must be written with this consideration firmly in mind.
All of this can too easily lead to paranoia – the symptom of an imbalance between vigilance and inattention, which supplies its own dangers. Bad actors can blackmail paranoid, unaware companies with the fabricated spoils of a nonexistent data breach. But firms that treat cybersecurity threats with equal doses of sobriety and diligence by mapping out their control and vulnerabilities can verify a possible compromise before reacting.
For further information about LEVICK Business Intelligence™’s political and regulatory risk capabilities – including obtaining a complete copy of this report or others – please visit us online at http://levick.com/practices/business-intelligence or contact us directly at LEVICKIntelligence@LEVICK.com. A complete list of our Political Risk Updates can be found under the Political & Regulatory Risk tab.Â
LEVICK Risk and Business Strategy | August 31st, 2016
Data Protection and Control

Digital risk exposure is far greater than most companies appreciate.
The implications – both immediate and long-term – can have far-ranging consequences for productivity, competitiveness, intellectual property, and brand confidence. To effectively manage these risks, it is crucial that companies develop a coherent understanding of exactly how much control they have over the data they steward. Only when this knowledge of control is firmly established can a company devise plans for mitigating any potential crises resulting from a data breach.
Loss of total control over your data begins at the moment of digitization. After digitization, control over data diminishes with every additional node through which it travels – every additional employee and third party that has access to the data increases its vulnerability.  Third parties – contractors, service providers, and clients – are susceptible to the exact same kinds of insider threats faced by companies and governments. Performing thorough due diligence on all your partners is critical for extending as much control as possible across all external points of vulnerability.
Any employee can steal information, but it is not until he or she gives that information to someone on the outside that a breach has truly occurred. Your data is gone as soon as you lose it, and you will be unable to stop whoever took it from continuing to possess it or using it as they see fit. Companies, governments, and individuals should map out the contours of their control, identifying all possible holes in their digital and human walls, monitor and patch those areas of vulnerability where possible, and develop contingency plans to mitigate fallout if a breach does occur.
It is relatively easy to defend your data through technical means, but the more difficult element is people – data encryption means nothing if someone on the inside hands over the key to someone who is not authorized to have it. The good news is that employers can exercise a great deal of influence over the behaviors of their employees. Employees can easily be taught to recognize, deflect, and report suspicious questions from outsiders that might divulge methods of accessing your data, and standard operating procedures can ensure that an employee™’s data access is abrogated upon departure from the company.
Even with every known potential vulnerability clearly mapped, the way one does business must always be subject to the principle that what is recorded in the digital space in ‘private’ may at some point be divulged in ways or spaces not currently predicable. Whether by leak, FOIA request, or litigation discovery, your information can be removed at any moment from the confines of your control. Every communication transmitted through email must be written with this consideration firmly in mind.
All of this can too easily lead to paranoia – the symptom of an imbalance between vigilance and inattention, which supplies its own dangers. Bad actors can blackmail paranoid, unaware companies with the fabricated spoils of a nonexistent data breach. But firms that treat cybersecurity threats with equal doses of sobriety and diligence by mapping out their control and vulnerabilities can verify a possible compromise before reacting.
For further information about LEVICK Business Intelligence™’s political and regulatory risk capabilities – including obtaining a complete copy of this report or others – please visit us online at http://levick.com/practices/business-intelligence or contact us directly at LEVICKIntelligence@LEVICK.com. A complete list of our Political Risk Updates can be found under the Political & Regulatory Risk tab.Â
- Brand
- Corporate Revolt Over Campaign Donations Shakes Political World
- What Happens Next?
- CSR & Sustainability
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Over the River and Through The Woods
- Why Non-Profits are so Vulnerable to Crisis Risk
- The Threat to Free Markets
- What Happens When Nonprofits Get Caught In The Klieg Lights?
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Avoid Future Shock: 10 Changes to Anticipate for 2021
- Guidance for Corporate Reputation Risk
- Communications
- Why Should I Apologize? Lawyers vs. Communicators
- What Happens Next?
- CSR & Sustainability
- A Conversation with Abbe Lowell
- A New Year’s Resolution
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Leveraging Legal Expertise in Communications
- Over the River and Through The Woods
- Why Non-Profits are so Vulnerable to Crisis Risk
- The Threat to Free Markets
- Dropping the Mic
- Company News
- Recent Awards & Recognition
- Won’t You Be My Neighbor?
- What’s a Director to Do?
- LEVICK Announces Partnership with BCG
- A New Look
- Albert Krieger, 1923-2020
- LEVICK Announces Partnership with Jipyong
- Speaking to In-House Counsel
- Childhood Lessons
- LEVICK Announces New Webinar Series with Turbine Labs
- LEVICK Launches New Website
- LEVICK to Launch Podcast
- Crisis
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- The Cost of Government Regulation and the Threat to Free Enterprise
- What Happens Next?
- A Conversation with Abbe Lowell
- Covid-19: The Pandemic that Never Should Have Happened
- Public Perception & the Biden Transition
- Finance
- The Threat to Free Markets
- Advisory & Insurance Services
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- Consumer-Focused Solutions for Financial Health
- Event: Consumer-Focused Solutions for Financial Health
- Sports: Power and Money in a New Age of Social Justice
- The Balancing Act: The Role of Whistleblowers in American Commerce and Government
- The Evolving and More Powerful FARA
- FCPA & Compliance in a Time of Uncertainty
- Shareholders vs. Stakeholders: Is the Paradigm Shifting?
- CommPRO: Transparent Political Donations
- Guest Column
- Guest Blog: The Mainstream Media Gets an A for Intellectual Arrogance, an F for Journalism
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- South Africa: The Slow Decline of the ANC
- Why CSR Fails and How to Fix It
- What to Expect Following the European Elections?
- Buhari Inaugurated. What Now for Nigeria?
- Marketing- It’s Up To You…
- Crisis Management lessons from the air-crash investigation model
- The Future of War
- Health
- Food Issues & the Biden Administration
- Covid-19: The Pandemic that Never Should Have Happened
- Pharma’s Post-Pandemic Policy Outlook
- Keeping Hope Alive
- Real Herd Immunity
- The Fiction of College Sports Amateurism
- Mac Summit: Crisis Communications in a Post-Covid, Post-Election World
- Travel Industry Communications in the Age of Covid-19
- Track of Time
- Is C-19 Taking Women Lawyers’ Careers Back to the 1950s?
- Post-Pandemic PR Strategy
- Bankruptcy: A Culture of Transparency
- In Memoriam
- Snider’s Super Foods: Locally World Famous
- Speak Truth With Love, Not Anger
- In Memoriam: Stephen Susman
- Letter to the Movement
- John Lewis’ Life Bridged the Best of America
- Albert Krieger, 1923-2020
- In Memoriam of Marcia Horowitz
- Jim Lehrer Passes Away
- Martin Luther King, Jr.
- Harold Burson Passes Away
- Interviews
- CommPRO: Ruth Bader Ginsberg’s Life & Legacy
- Richard Levick on “My Wakeup Call”
- Primerus Webinar: Into the Wind
- The Future of Baseball Post-Pandemic
- Webinar: The End of Brand Neutrality
- Thought Leadership & Organic Growth
- Man & Superman
- LEVICK Announces New Webinar Series with Turbine Labs
- Navigating Coronavirus Challenges in the Insurance Industry
- VIDEO: How to Anticipate & Avoid a Crisis
- What’s Next? with Julie Chase
- What’s Next?: California Electoral Behavior
- Law Firms
- Why Should I Apologize? Lawyers vs. Communicators
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- A First Look at the Google Antitrust Suit
- The Latest Top Class Actions
- Trust on Trial: How Communicators Succeed in a World No Longer Trusted
- The Latest Settlements, Class actions, Investigations & More
- Managing Legal & Communication Advice in a Crisis
- Litigation
- Why Should I Apologize? Lawyers vs. Communicators
- A Conversation with Abbe Lowell
- Leveraging Legal Expertise in Communications
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- A First Look at the Google Antitrust Suit
- Our Work
- Recent Awards & Recognition
- The Cyber Bad Guys Are Getting Worse
- Crisis Communications & The Age of Cancel Culture
- Standing on the Shoulders of Giants
- Video: Conversations with American Legends
- Staying Ahead of the Crisis
- A New Era of Insurance Marketing
- Infographic: Judgment Free Zone
- Infographic: Barriers to Entry
- Infographic: History Meter
- Assistance for Law Firms Engaged in Pro Bono
- Webinar: The End of Brand Neutrality
- Public Affairs
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- Food Issues & the Biden Administration
- The Cost of Government Regulation and the Threat to Free Enterprise
- What Happens Next?
- CSR & Sustainability
- A Conversation with Abbe Lowell
- Public Perception & the Biden Transition
- Risk
- Ingredients of Decency
- ESG Performance and Credit Markets
- The Coronavirus Saga is Just Beginning
- No. 1 Risk of the Decade
- The Risk Evolution of Corporate Risk
- Extend Risk Management Reach
- Collective Action
- Risk Identifying Software
- The New Risk of Doing Nothing
- Political Unrest In Hong Kong
- High-Profile Kidnaps in African National Parks
- Cyber Resilience
- Social
- How to Stop the Madness
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- CSR & Sustainability
- A New Year’s Resolution
- Dropping the Mic
- Won’t You Be My Neighbor?
- Crisis, Covid, DEI & the Election
- MLK’s Memphis Address
- The Fiction of College Sports Amateurism
- Technology
- Constella Intelligence Announces Hunter for Improved Investigation Capability
- Cyber Risk Institute Expands Its Profile
- Digital Politics: The Future of Voting Technology
- Ethics in Electronics
- The Cyber Bad Guys Are Getting Worse
- A First Look at the Google Antitrust Suit
- The Pause
- Cybersecurity Incidents of the Summer
- The Changing Digital Economy and Cyber Risks
- The Future of U.S. Manufacturing
- Tech CEO Summer Superbowl hearing
- Technology & Privacy Alert
- This Week
- A Remembrance of Tommy Raskin
- A New Year’s Resolution
- Over the River and Through The Woods
- Dropping the Mic
- Won’t You Be My Neighbor?
- The Cyber Bad Guys Are Getting Worse
- What We Hear
- Track of Time
- Video: Conversations with American Legends
- Conversations with American Legends
- A New Era of Insurance Marketing
- American Legend