Wake Up Call for Private Sector
21 Oct 2011 - Actions speak louder than words
New figures published in the Information Commissioner’s Annual Track survey show that nearly three quarters of businesses surveyed know that the Data Protection Act (DPA) requires them to keep personal information secure. Awareness has gone up 26% on last year’s figure.
Despite this, public confidence has fallen. Fewer than 50% of individuals surveyed believe that organisations process their data in a fair and proper manner, and this concern rises to almost 75% when considering web-based businesses.
This concern is possibly justified, with 58% more breaches being reported to the ICO so far in 2011/12 than in the same period last year.
Whilst the Information Commissioner, Christopher Graham, is encouraged that the private sector is waking up to its data protection responsibilities, he went on to say that the sector does not seem to be putting its knowledge to good use. He declared: “Businesses seem to know what they need to do – now they just need to get on with doing it.” He went on to warn: “It’s not just the threat of a £500,000 fine that should provide the incentive. Companies need to consider the damage that can be done to a brand’s reputation when data is not handled properly. Customers will turn away from brands that let them down.”
Cryptzone View
Security concerns, and in particular data protection requirements, are here to stay. This report shows that organisations are aware that they need to implement good information handling procedures, but that these procedures have yet to be translated into effective practice across all business units.
Technology controls are becoming more affordable and easier to implement, so such defenses need to be put in place. However, as threats continue to evolve rapidly, it becomes even more important to educate staff about security issues. More vigilant staff who act quickly greatly help to reduce the likelihood and severity of security incidents. So alongside security projects initiated by IT departments, HR and line-of-business managers need to communicate the importance of security policies and procedures to their staff. Leadership from the top helps to persuade busy employees that security is taken seriously by management and that lax attitudes and risky behaviour are no longer acceptable. Staff will soon realise that it is not just fines and reputational damage they need to worry about, but that their careers might be on the line if they choose not to follow procedures properly.
Note: The ICO’s 2011 annual track survey was undertaken by SMSR on behalf of the ICO. Nearly 2,500 individuals and over 800 companies were interviewed, from both the private and public sectors.