Business concern over data protection

Released 19/07/2010

Organisations say data protection laws are too relaxed

Businesses are concerned about the robustness of data protection legislation, according to a new survey of almost 1200 organisations.

The survey, conducted by Sophos, discovered that nearly 50% of respondents feel that the laws are too relaxed and require revision, while a staggering 87% feel that organisations should be forced to disclose when sensitive data about the public is exposed.

The survey, which was designed to gauge respondents' views on current legislation, showed that 36% were concerned about the additional complexity and 16% were concerned about the associated costs of complying with the legislation.

In April this year, the ICO was empowered to impose fines of up to £500,000 on companies found to have breached the data protection principles, while the Ministry of Justice (MoJ) earlier this month issued a Call for Evidence to learn whether the European Data Protection Directive 95/46/EC and the Data Protection Act 1998 are working and how they are impacting on individuals and organisations.

BIG NEWS

"Data protection legislation is obviously big news in the UK right now, and we were interested in capturing the general feeling of businesses," said Ciaran Rafferty, VP of Sophos UK and Ireland. "The survey's findings revealed that while almost 40% of businesses were confident they complied with the legislation, more than half were unsure or concerned about whether they were compliant. Sophos would urge all businesses with concerns about the current UK legislation to offer their views to the MoJ. Only with feedback from UK businesses can the MoJ properly assess whether the legislation needs further amendments."

Earlier this year, Sophos teamed up with law firm Field Fisher Waterhouse (FFW) to help organisations avoid the serious consequences linked to security breaches and data loss. This partnership was set up both to educate companies on the current legislation and provide them with advice on the most efficient and effective way to comply with its requirements. In the event of a breach, this partnership aims to direct organisations through the incident response process in order to improve their position amongst regulators as well as avoid brand damage.

"It is no surprise that data breaches and data security are of increasing concern for both public and private sector organisations," said Stewart Room, data security lawyer and partner in the Privacy and Information Group at Field Fisher Waterhouse. "Working with IT security experts at Sophos, we are advising companies on how to avoid data breach incidents, as well as help them deal with the aftermath and potential consequences."

Another question asked whether data protection legislation was preventing companies from running their organisation effectively; 41% responded that cost and/or complexity were issues.

TOP TIPS

Sophos's Ten Top Tips for protecting sensitive data in your organisation from theft or loss:

1. Encrypt all confidential information, keeping sensitive data inaccessible to prying eyes.

2. Use hard-to-guess passwords. Enforcing good password usage is key to stopping hackers cracking into your systems.

3. Keep security software up to date. New malware is being released all the time and spreads at alarming rates. Updating your software automatically is key to defending against the latest threats and vulnerabilities.

4. Danger USB! Unauthorised use of USB storage devices could lead to data being lost from your company. Control usage with security software.

5. Knowledge is power. Find out what your local legislative requirements are and review your security strategy to ensure you are compliant. Specialist advisers will be able to advise on what type of technologies, processes, and policies are required by law.

6. Prepare for disaster. Create a plan of action to follow if a severe data breach takes place. Swift reaction can make a huge difference to legal ramifications and corporate reputation.

7. Education is key. Find an engaging way to explain to staff the value of data and talk through the technologies, policies and best practice. Have employees be part of the army safeguarding sensitive data rather than keeping them in the dark.

8. Encourage - rather than punish - employees who report potential data loss or breaches. The information can help you mitigate costly risks.

9. Don't lock it all down. Employees today need a lot of online freedom to be efficient and effective. Locking everything down will only encourage employees to find nefarious workarounds. Talk to them, find out what they want, and figure out a way to give it to them in the safest way possible.

10. Back seat bungles. It's all too easy to leave a laptop or smartphone containing sensitive information in a taxi or a public place. Data should always be encrypted, but also use a remote wipe facility if devices are lost.
