
What is Data Spillage?

Data spillage occurs when sensitive, confidential, or malicious information is moved into an environment not authorized to possess or view the data. The root cause of a data spillage is typically carelessness, incompetence, or other human error. There is generally no malicious intent (the data is exposed by mistake), although the costs and legal consequences can be severe.

Data spillage, or a spill, is also known as data leakage, data exposure, data compromise, or a data breach. The last term can be ambiguous in some countries and institutions, since data breaches are considered to be intrusions into sensitive systems perpetrated by hackers or unauthorized users attempting to gain and maliciously use the data. Therefore, a data breach is more likely to be defined as a hack.

Many organizations have policies and procedures to promote best practices for securing data and avoiding data spillage; however, data spillage can still occur. When a data spillage incident is detected, depending on the internal processes, there are a few things organizations can do to minimize the damage: 

  • Awareness and reporting: When data spillage is detected, it must be reported to the appropriate authorities and a spillage level must be declared.
  • Risk assessment and containment: The organization must assess and analyze the data to understand the size of the spill, and quickly contain it.
  • Clean up: Once the evidence has been collected and documented, the spill should be cleaned up as rapidly and effectively as possible.
  • Take corrective action: It’s important to document the spill and carry out training to prevent similar incidents.

Perhaps the best-known example of data spillage was Facebook's Cambridge Analytica scandal, which dominated news headlines in early 2018. The incident has been referred to by some media as a hack, but technically, it was a spill. Cambridge Analytica didn’t attempt to break Facebook’s security. Instead, they made use of a mistake in Facebook's API to get access.

Since May 2018, companies worldwide must consider their entire data management process to comply with the General Data Protection Regulation (GDPR). The GDPR states that companies must make sure that personal data is processed legally, transparently, and for a specific purpose. GDPR applies to all companies processing and holding personal data of EU residents, regardless of the company’s location.

The GDPR has severe consequences for an organization’s processes around the handling of personal data. Compliance with GDPR requires data processors and data controllers to implement appropriate technical and organizational measures. Companies that fail to comply face potential fines of up to €20 million or 4 percent of the annual total revenue.
