Data mapping may be the first step on the road to privacy compliance, but for some organizations it’s a steep drop. The sheer volume of data being inventoried and the inherent limitations of technology solutions designed to help means that many companies or law firms are looking at maps with more than a few holes in them. 

“It’s not for lack of trying or for lack of willful intent to get to a good [outcome] here. It’s that there are too many solutions that are too ‘not great’ or too expensive and this is a hard issue,” said Christopher Ballod, an associate managing director in the cyber risk practice at Kroll.