Have lessons of last year's HMRC fiasco sunk in?

Data security lessons must be learnt

This month marks the anniversary of the loss of more than 25 million citizens’ personal data by HM Revenue & Customs, and worryingly, we continue to hear of data losses.

So what can be done to safeguard our valuable data? First, we can use technology more effectively to protect our systems. Second, we must be more vigilant when managing sensitive data.

Our research has found that privacy requirements must be fed in at four stages of system design ­ initiation, planning, execution and system decommissioning.

At project initiation, the designer discovers what sensitive data may be involved, introduced or addressed by the project. The planning stage then enables IT leaders to develop detailed requirements. During the execution phase, the project owner should sign off any privacy-related issues before the work goes live. Privacy must finally be addressed at system decommissioning ­ this involves secure deletion of data from computer media before disposal, or destruction of paper records before vacating buildings.

Nevertheless, even the most sophisticated software-engineered security system can be seriously undermined and the cause is human beings. If people realised the financial value of their personal information on the black market is more valuable than, say, their computer, they would be more careful.

I see privacy violation in the workplace as well. In fact, leading IT economists have found that computer security systems often fail because people who maintain them lack the drive to keep systems up to speed. In this situation, managers must play an important role through their liaison with staff.

I see safeguarding privacy as striking a balance between using technologies, educating people about the true value of their data, and employing common sense. Let’s not mark another significant data loss anniversary this time next year.

Nigel Jones is the director of the cyber security at business group the Knowledge Transfer Network