Education on data loss needed more than ICO fines, says Quest

By Danny Palmer
06 Nov 2012 View Comments
Concept image of broken USB representing a data leak

The Information Commissioner's Office (ICO) must focus on encouraging organisations to raise employee awareness of the need for robust data security, and not just rely on the threat of fines to do this.

So argues Phil Allen, director of identity and access management EMEA at Quest, the software vendor recently acquired by Dell, who believes visibility of the data security issue is the key issue.

Further reading

"People do need to understand that getting this under control is an important thing. I don't know whether specifically naming and shaming people will really raise that visibility, it may well do," he told Computing.

"I think people do need to consider the consequences of what happens when they lose information, especially personal identifiable information associated with it. People really need to think about the consequences of what happens when they lose that information and what would be the cost to the business."

Allen believes the impact of a data breach on an organisation's reputation is far greater than that of a fine by the ICO.

"I think realistically when people actually start losing that information, the overall cost to the organisation isn't the cost of the fine that they may get; it's far more likely that the cost of the damage to the brand, or the cost of the loss of customers is going to be far, far, greater," he said.

Employees need to realise they're responsible for sensibly storing data and adhering to the Data Protection Act, argues Allen.

"Whichever way people gain visibility to those losses, I think that's got to be the focus area; making people aware that they really are responsible. I think a lot of people understand that they've got the Data Protection Act that they need to follow and people have always taken the best interest in doing that."

However, Allen suggests some information is lost because businesses just aren't governing it properly.

"But data breaches do still occur and a lot of that happens because people are unwittingly having information end up in places it wasn't supposed to end up. That just comes down to the fact that there aren't necessarily levels of data access governance that could exist within the organisation," he said.

Greater Manchester Police was recently fined £120,000 by the ICO for failing to take appropriate measures against the loss of personal data.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

36 %
31 %
13 %
20 %