Dark data can be information that is collected intentionally but never analyzed or dealt with, or it can be information that is collected through automated software processes that aren’t being actively managed. It can also simply be locally saved copies of information that individuals keep for convenience. The risk comes with the fact that dark data often contains personal identifying details, confidential data, and other regulated or sensitive information.
If an organization isn’t aware of the existence of this data, it becomes a risk — IT departments won’t create the proper safeguards around it — and it will also be outside any regulatory processes that have been put into place for compliance.
This risk becomes even more acute when we begin to look at the kinds of data collected by governments. Tax and property data, bill payments, permit applications, and other municipal records are in many cases generating large amounts of dark data that are vulnerable to data breaches — and the mere existence of this data exposes municipalities to liability.
Conducting a data audit on municipal government information systems often reveals highly sensitive data that has been insecurely stored, sometimes for many years. Simply put, it is impossible for a government to manage and protect information if the people in charge of those processes aren’t aware of all the information they have. That’s why it’s critical for government organizations to have a strong data security foundation and a game plan for dealing with all data that is collected.