Training is the key to data protection

With fines for mishandling personal data set to increase in a couple of weeks, how confident are you that your employees are handling this kind of information responsibly?

From April, the Information Commissioner’s Office will have the power to fine firms up to £500,000 for data mishandling. But it’s not just a massive fine that culprits have to worry about. There is also the negative publicity that can be hugely damaging to a company’s reputation and further business opportunities.

Paying fines is the last way any company wants to spend money, especially in the current economic climate. Yet press stories about data breaches keep appearing with monotonous regularity because too many businesses both large and small still take a half-hearted approach to data protection.

We are all anxious about protecting our own privacy but if you talk to the typical employee, how important do they consider the protection of other people’s data?

One problem is that most employees do not understand the corporate IT architecture. Do they store their personal contact details on a file on the server? Are they the only person with access to that data? Often they won’t be sure.

Home working adds to the problem as staff without server access take data home. Some firms tackle this by imposing restrictions on data moving outside the building. This is one solution but it can make working remotely difficult. And remote working is essential to the modern business.

The solution is good old-fashioned training. Most companies offer new employees a human resources induction. Better companies offer a facilities induction. But how many offer an IT induction? Usually this just consists of signing a form to say that you won’t do things with your computer that you don’t fully understand.

It is about time IT took the lead and supported employees in protecting themselves and their companies. Instead of just clamping down on the use of information, teach your people about data protection, show them how systems work and explain what they can and can’t do. With that information, we need never hear about a lost laptop or memory stick containing personal data again.