News of a data breach at the UK’s Scotland Yard has pushed the issue of data management and control back into the public eye. The Yard admitted accidentally sharing the personal email addresses of more than a thousand crime victims with other victims on its database. It was an easy mistake to make: In the course of sending a survey to 1,136 people, email addresses were entered in the wrong box, making them visible to all recipients.
In a worst-case scenario, the maximum penalty for a data breach in the UK is £500,000.
No one sets out to lose data, but a glance at some of the most recent incidents reveals a common thread: human error. At a time when organisations across sectors are under increasing pressure to adhere to the often competing demands of transparency, cost-effectiveness, privacy and collaboration, data leak incidents are in danger of undermining reputations, brands, revenues and effective business strategies. It’s a high price to pay for an accident, and while government privacy agencies are increasingly less forgiving of mistakes, customers, both existing and potential, are even less tolerant. According to research undertaken by the Ponemon Institute in October 2011, data leaks cost a minimum loss of 12 per cent in terms of brand damage; in some instances, this rose to an almost 25 per cent loss of brand value as a direct result of a data leak incident. As I’ve said, it’s a high price to pay for an accident that could easily have been prevented.
Data leak prevention, Web and Email Gateways and strong, flexible policy-based encryption work in tandem with effective education and management policies to reduce the potential for costly human error. Encryption and decryption, for example, can be performed automatically and centrally within flexible policy parameters and without the need for user interaction.
This doesn’t mean limiting end users’ ability to share and communicate. Recognising the content is important, but so too is the ability to apply context to the data before deciding whether to encrypt, regardless of whether the end user selects that option.
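The following is an added example, not code from the original post or from any product: a minimal outbound-mail policy check of the kind described above, which holds a message that exposes many external addresses in To/Cc (the Scotland Yard mistake) and encrypts on content plus context without asking the sender. The domain, threshold and sensitive terms are assumptions, and the messages are constructed samples.

```python
from email import message_from_string
from email.utils import getaddresses

# All three values are assumptions for illustration, not from the post.
INTERNAL_DOMAIN = "example.org"
MAX_VISIBLE_EXTERNAL = 5
SENSITIVE_TERMS = ("crime reference", "victim")

def visible_external(msg):
    """External addresses every recipient can read (To and Cc, never Bcc)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers)
            if addr and not addr.lower().endswith("@" + INTERNAL_DOMAIN)}

def body_text(msg):
    """Concatenate the text/plain parts of a single- or multi-part message."""
    return " ".join(part.get_payload() for part in msg.walk()
                    if part.get_content_type() == "text/plain"
                    and isinstance(part.get_payload(), str)).lower()

def evaluate(raw_message):
    """Return (action, reason); the sender is never asked to choose."""
    msg = message_from_string(raw_message)
    external = visible_external(msg)
    # Context rule: too many outside addresses visible to each other.
    if len(external) > MAX_VISIBLE_EXTERNAL:
        return ("hold", f"{len(external)} external addresses exposed in To/Cc")
    # Content plus context: sensitive wording that is leaving the organisation.
    hits = [term for term in SENSITIVE_TERMS if term in body_text(msg)]
    if external and hits:
        return ("encrypt", "sensitive content sent externally: " + ", ".join(hits))
    return ("deliver", "no policy matched")

def sample(to_addrs, body):
    """Build a constructed test message."""
    return ("From: surveys@example.org\nTo: " + ", ".join(to_addrs)
            + "\nSubject: Survey\n\n" + body)

if __name__ == "__main__":
    crowd = [f"person{i}@mail.example" for i in range(8)]
    print(evaluate(sample(crowd, "Please complete our survey.")))
    print(evaluate(sample(["person1@mail.example"], "Your crime reference is enclosed.")))
    print(evaluate(sample(["surveys@example.org"], "Please complete our survey.")))
```

The third sample models the correct way to send the survey: the only visible address is the sender's own mailbox, with the real recipients carried in Bcc, so nothing is exposed and the message is delivered.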
It’s all about striking a balance between risk and real-world working requirements – and making sure that human error doesn’t get in the way.
by Alyn Hockey