Board should be liable for breaches, say security professionals

Websense survey finds IT is not to blame

Chief executives of firms that expose customers' confidential data should be put under arrest and jailed, according to a survey conducted by web security firm Websense.

The survey of over one hundred global security professionals was conducted at the annual e-Crime Congress in London.

Over a quarter of respondents said that a jail sentence is the appropriate punishment for a serious data breach, while only three per cent said they did not believe any legally enforced punishment was necessary.

In the 2007 survey, only 74 per cent of the security professionals believed the Board should be responsible for data breaches, but this year the figure increased to 95 per cent. Fewer respondents blame IT, however: only 5 per cent said the IT department should be responsible for breaches, compared with last year’s 21 per cent.

This change of opinion could stem from the large number of data breaches that have occurred since last November, when HM Revenue and Customs lost 25 million data records which were stored on two discs.

Carrie Hartnell, transformational business programme manager at trade body Intellect, agreed that losses are the outcome of human error rather than a failure in technology.

Hartnell argued for a shift in societal and cultural attitudes in how people treat personal data.

“Intellect believes that organisations and government departments should have a co-ordinated approach to data security that recognises the need to educate and train its staff around the handling and use of personal data as well as the appropriate technical security measures,” she added. “They need to ensure that their employees know when they are accessing confidential data and that they understand the policies and procedures for protecting it.”