Organisations still not taking the security of data seriously
“Shutting the door after the horse has bolted is one thing. Continuing to ensure it stays open is quite another.” That is the view of Andrew Bernard, chief executive of CitySprint. Since the highly publicised child benefit issue when 25m records, including names addresses and bank account details, went missing when a disk was lost in the post, there have, according to the ICO, been another 711 reported security breaches.
A recent report from the Information Commissioner’s Office (ICO) has warned that the number of incidents of loss or theft of personal data has risen to an ‘unacceptable’ level in the past year.
In the past security of data and information transport has been compromised due to the absence of a truly tailored solution. Without a tailored solution organisations have often sent highly personal and valuable data by overnight carriers or by less secure means. In Q2 2008, we launched our SecureData Courier service designed specifically for sensitive deliveries. This service provides a reliable and secure solution to those wishing to send valuable and sensitive data within the UK. So it could be argued that there is now no excuse. Yet, despite the high profile nature of many of the ‘lost in transit’ cases many public and private sector organisations alike have still to cotton on to the added-value such services provide and continue to choose less-secure and ‘cheaper’ options.
Could new proposals which will see such offenders risk fines of up to half a million pounds from 2010 be the motivation they need to take data security more seriously? Or is apathy simply too engrained?
It is understandable that organisations are looking to manage their costs effectively. However, the reality of this budget conscious, or naive, purchasing is that 434 organisations reported data security breaches during the past 12 months, an increase of 277 from the year before.
Whilst many organisations have welcomed the introduction of our tailored service we are still witnessing resistance from some organisations that aren’t willing to pay the premium or simply don’t view the additional security elements as vital. SecureData represents a cost-effective solution, particularly when you consider the alternatives, but many organisations still only see the ‘cost-per-package’. We have worked hard to ensure this service is competitively priced but is inevitably going to carry a premium due to the ‘premium’ nature of the service.
The irony is the reluctance to pay a small premium today may, in fact, result in a far heftier cost implication further down the line. When we are talking about personal and private information which has been entrusted to these organisations do we have any sympathy? Or should the ICO just bring it on!