October 11, 2016

Who's Responsible for Protecting Personal Data?

Who’s responsible for protecting personal information from data thieves – individuals or organisations?

Recent research has shown that, although identity theft has long been a leading consumer complaint, many individuals are careless with their information. In a 2016 Experian survey, almost half of over 2,000 British adults admitted that they rarely or never change their passwords. Good password hygiene is one of the best ways to protect credit cards and other information from thieves.

Attitudes in organisations can be contradictory too. Further Experian research showed that while the majority of small and medium-sized enterprises (SMEs) said it is an organisation’s responsibility to protect personal data, 45% of them insist it’s not solely the company’s responsibility. Furthermore, 39% don’t think they’re even at risk of a data breach.

What it comes down to is the importance of both parties doing what they can to protect personally identifiable information (PII).

9 reasons why protecting personal information must be a priority in the workplace

  • Information overload. There’s so much information to manage today – from new information being produced to archived files. A comprehensive document management process will track, cull, and protect all confidential information. 
  • Data breach risk. The 2016 Cost of a Data Breach Study by Ponemon put the likelihood of a material data breach involving 10,000 lost or stolen records in the next 24 months at 26% for organisations around the world. 
  • Financial costs. Fines for breaches of the Data Protection Act can reach up to £500,000. Overall, the average cost of a data breach to a UK business is a staggering £2.53 million.
  • Consumer opinion. Experian data showed that 42% of consumers believe it is a company’s responsibility to protect consumer data. Plus, 64% of consumers would be discouraged from using an SME’s service following a data breach.
  • Reputation. Experian also showed that 57% of British adults can name a business that’s been affected by a data breach; 54% say increased security measures by the organisation could help restore confidence.
  • Mobile devices. All workplaces are increasingly relying on portable computing devices. Loss or theft of laptops is one of the most common ways that security of corporate data is compromised. Have a specific policy, and use layered protection including encryption software, virus protection, and password protection.
  • Information thieves. Data breaches aren't caused only by intruders (such as computer hackers and thieves who physically break into the workplace), but also by insider carelessness, errors and wrongdoers. Introduce clear security policies and procedures, and provide ongoing employee training.
  • Easy picking. Thieves mine rubbish bins, in-use and stored computers, and even used photocopier equipment and printers for valuable personal data. Confidential information has to be completely destroyed when it is no longer needed. Partner with a reputable document destruction company that provides destruction services for paper (secure cross-cut shredding) and electronic data (e-media and hard drive destruction). The company should provide a secure chain of custody, whether shredding on- or off-site, and a certificate of destruction after every shred. 

A Clean Desk Policy is a simple yet effective way to reduce the risk of a data breach – and to underline the importance of information security. Implement yours with this guide.