All right. So my name's John Pocknell. I work in product marketing. I'm a database solutions evangelist. So my job is to look at what Quest offers across our database portfolio, and how it can help you solve real problems in your business. In this particular session, we're going to be talking about how all DBAs often have to deal with protecting the business data, which is part of your role anyway.
But with the state of privacy regulations, like GDPR and HIPAA and the Californian Data Protection regulations, and many, many others-- this is a global issue. It's not confined to Europe, right? It's a big deal. Personal data. So GDPR is concerned with personal data. But as a business, you've got data that's not necessarily personal data but is sensitive to you as a business. And with all these external attacks that we're hearing about, how do you make sure you protect this data should it be hacked, and anonymize it?
So you can see here the prevalence of data breaches. So this is-- and you can go to this. It's informationisbeautiful.net. It's great because it's a visual cloud, and it keeps changing. Every time you hear about a data breach they publish this. And you can see it says go back to way before 2016. I think it goes back to 2009. But it's got more recent ones up in here. It's got Facebook, and Canva, Nametests, and Twitter, and Marriott Hotels.
And these are the number of-- so what these numbers are is the number of individuals that were affected by a data breach. That's not how much they were fined. Nonetheless, the fines are pretty big, as you probably know. These are the number of individuals that were affected by a data breach. Shocking, isn't it? So data privacy has become an urgent requirement. We're seeing more and more data breaches happening. We have data privacy regulations, of course, now. GDPR, which is out of the European Union.
But, as you see, this is a global issue, right. So if we look at the next slide-- if I can move it on. So you can see, as well, that we have internal threats as well as external threats. This is a survey from the CA Insider Threat Report, 2018. And they ask the people taking part in the survey is, where do they feel most vulnerable to attack? And 90% of companies said that they felt they were more vulnerable to insider attacks. Isn't that interesting? Not external attacks. Insider attacks.
66% of survey respondents said that insider attacks, accidental breaches, are more dangerous than external attacks. Interesting. And what was their number one highest risk IT asset? The corporate database. Shouldn't be a big surprise, right? That's where all the data is. So how do we make sure we protect it against attack? Let's talk about GDPR for a second because I started off talking about GDPR. So GDPR guidelines specify how companies collect, share, and store the personal data of EU citizens. Is this a problem that's restricted to the EU?
What about global companies? Any global company, including those in North America, that use data that originated from the European Union, is subject to GDPR. And I think a lot of US companies are beginning to realize that they may well be subject to GDPR regulations. For example, Google-- company you might have heard of-- they were fined recently $57 million US for improperly disclosing how data is collected across its services to prevent personalized advertisements.
Facebook, of course, that's probably one of the bigger ones you hear, right? $653,000. They were improperly sharing data from Cambridge Analytica. You probably heard about that one, right? And then finally, Equifax. Equifax were fined $653,000 US for failing to protect the personal information of 15 million UK citizens affected by a 2017 cyber attack. All right. These are-- these are headline issues.
And, like I said, this is not-- this is not an issue that's confined to the European Union, right? It's not-- it's not even an issue that's confined to the European Union and North America. You might have heard about the-- since we're in California-- California Consumer Privacy Act, CCPA, that comes into force in January next year.
New York Privacy Act. That follows on from the CCPA that comes-- that's already in force this year. And you can see, if you look across the globe, there are many, many other countries that have some form of data privacy regulations. All right. It's a global problem. So, from your standpoint, is your IT department doing all it can to protect the business data? Are you complying with GDPR, or any other data privacy regulations? Who is responsible for that? Do you have a data protection, or a data security part of your organization?
Do you have a risk management piece in your organization? So who's ultimately responsible for managing this risk? How are you going to minimize the risk associated with data breaches? How are you going to identify and protect your personal data? Identification's the biggest issue. So how do you respond to these pressures? So if you're a DBA, how do you go about finding where your sensitive or personal data is? Are you relying on metadata, or do you have some way of actually mining the data itself-- which is a more reliable way of doing it.
Once you've identified it, how are you going to protect it? It depends upon where it is. If it's production data, you might have to take a form of encryption or redaction. If it's not production data, maybe it's test data, maybe you can mask it. If it's production data, you may want to set some audit policies. How many of you have some sort of Oracle auditing in your environment? Yeah? How do you do that right now? Do you audit everything? How do you know what to audit?
If you have some way to selectively audit the thin