ICO reveals patchy progress from firms over data protection


ICO reveals patchy progress from firms over data protection

Simon Quicke

Awareness of the dangers of losing confidential data and the subsequent fines that could be imposed does seem to be getting through to businesses but at the same time users are losing confidence in how their personal information is being handled.

The latest survey of the state of how sensitive data is handled from the Information Commissioner's Office (ICO) showed that almost three quarters of firms were aware that they needed to look after personal information, a climb of 26% on last year, but less than half the public think that this is being carried out.

In particular almost three quarters of those quizzed felt that online companies were not keeping their data secure, which is not surprising given the numerous breaches that have happened in the last twelve months.

"I'm encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act's principles higher than ever. However, the sector does not seem to be putting its knowledge to good use. The fact is that security breaches in the private sector are on the rise, and public confidence in good information handling is declining," said Information Commissioner Christopher Graham.

"Businesses seem to know what they need to do - now they just need to get on with doing it. It's not just the threat of a £500,000 fine that should provide the incentive. Companies need to consider the damage that can be done to a brand's reputation when data is not handled properly. Customers will turn away from brands that let them down," he added.

The reaction from those in the channel selling data security solutions was not one of surprise to the latest results from the ICO given the large number of breaches that have impacted a fairly wide number of people.

"Why should the public have any faith in the existing practices employed by organisations, when news report after news report highlights a series of serious data protection failings? Over the last few months we've seen a plethora of NHS Trusts hit the headlines over the loss of substantial and confidential patient information," said Nick Lowe, vice president of sales EMEA at Cyber-Ark.

"Throw into that previous reports of the police snooping on citizen's personal details and it's not exactly going to do much to bolster public confidence in the state of data protection today," he added.

He warned that "awareness on its own is not going to obliterate this growing problem" and more action was needed to make sure firms were putting water-tight policies in place.

Ross Brewer, vice president and managing director of international markets at LogRhythm, thought that although some progress had been made there was still a long way to go.

"While the ICO seems to think almost three quarters of organisations knowing that they should keep personal data secure is a positive thing, I'm shocked that over one in four is unaware of such a common sense requirement," he said.

"Furthermore, just because organisations are aware of their obligations does not mean they are fulfilling them. Regardless of what the DPA requires, the high profile breaches that regularly make the headlines should have made it patently obvious that ensuring data security is not an option," he added.

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.