Legal, privacy and regulatory organisational risk all overlap around data. Financial institutions face severe fines if bank transactions (all stored electronically) are not monitored continuously and tested independently. Retail organisations must properly manage customer information daily or suffer reputational risk.
Data is a slippery beast to control as it is highly portable and malleable and therefore can easily escape into different places and take different forms. Consider a customer list being downloaded from a secure CRM system into Excel and later being copied to an unencrypted USB drive so that an employee can work from home. In situations such as this, data can easily slip out of the control of the organisation responsible for its safeguarding.
Data warrants additional protection due to the increased number of stakeholders, especially as those stakeholders have limited power, control or influence over how their data is handled or managed once within the organisation. In many instances, the only action that customers can take is to move their business to an alternative provider, assuming one is available. Even at a new organisation, there is no guarantee that the data is more secure than within the hands of the previous organisation.