In November this year, the European Commission (EC) will publish its new version of the Data Protection Directive, the legislation on which the Data Protection Act is based, and amongst the new measures will be instructions on data processing. The updated version will include a 'mandatory data breach disclosure' law for every organisation in the public and private sectors. Adoption of the law is expected by early 2013.
Currently, it is optional for private companies to report data breaches so it is fair to assume that there are many leaks which occur that we never get to read about in the papers. This will all change once this legislation is passed. All companies’ data discrepancies will then be open to public inspection and the impact of any kind of data breach can be felt not only on the bottom line but also at a brand and reputation level. However, there are a few simple measures you can take now to avoid any corporate embarrassment down the line.
Firstly, make sure employees understand IT policy; those that are responsible for data need regular clarification on what activities may put data security at risk as well as what is and what isn’t permitted by the business. This can be achieved through frequent communication and training. In addition, once you have formulated a policy make sure it’s enforced. In extreme circumstances, this may mean having to take disciplinary action if rules are transgressed, but if you’re too lenient then nobody will take the policy seriously.
Interestingly, this EC news comes out in a week where analysts are predicting an increasing appetite for cloud computing. Ovum is claiming that spend on cloud services is growing 29% year-on-year, by 2015 it will have reached $66 billion. When you consider that the security of data is the number one concern about moving to the cloud, we have a curious dilemma for corporate UK. Businesses will not only be using services which potentially leave them more prone to data loss but if the worst happens they will be legally enforced to tell the world about it.
Richard Turner
No comments:
Post a Comment