Legal, privacy and regulatory organisational risk all overlap around data. Financial institutions face severe fines if bank transactions (all stored electronically) are not monitored continuously and tested independently. Retail organisations must properly manage customer information daily or suffer reputational risk. 

Data is a slippery beast to control as it is highly portable and malleable and therefore can easily escape into different places and take different forms. Consider a customer list being downloaded from a secure CRM system into Excel and later being copied to an unencrypted USB drive so that an employee can work from home. In situations such as this, data can easily slip out of the control of the organisation responsible for its safeguarding.