Thursday, 8 September 2011

Data Privacy: The law on its own won’t solve the problem


The UK’s Equality and Human Rights Commission (EHRC) has released a report criticising the British government for the way it collects, stores and uses personal data. According to Protecting Information Privacy, current privacy laws simply aren’t up to the task of preventing frequent breaches of personal information.
I agree – albeit for different reasons than those given by the commission. The commission says that many government agencies don’t realise when they’ve broken data protection laws and are unaware of their obligations. But the UK’s Data Protection Act is very clear on what those obligations are – the failure isn’t really the law itself, it’s the failure to understand that privacy laws in and of themselves won’t stop data breaches. The only thing that can stop that is greater awareness and the simplification of the law.
To be fair, the Commission calls for more simplicity in the law and regulatory framework. But that on its own won’t solve the problem; as with so many things in life, it’s all about the human factor. Organisations that collate personal data need to engage in a culture shift, stop viewing themselves as owners of data and start thinking like custodians – with all the responsibilities that come with that role.
Even without the current regulations, many organisations will find that a lot of the controls and policies that can protect them from a data breach are already in place – they just need to manage them correctly. While debate around the current data privacy legal landscape has been very focused on the financial penalties transgressors face, many organisations are adopting a policing approach to data security, blocking sites or only referring to policy after something has happened. Organisations need to work harder on making policy a living, breathing part of their business. This means making security more visible in the business, educating and updating end users on what’s expected of them and employing technologies like encryption to make sure that, if the proverbial does hit the fan, at least the damage done can be limited in a meaningful way.
By Nick Peart
