Information Security in the UK: why are complaints rising?
When the Information Commissioner’s Office (ICO) launched its annual report recently, its findings were surprising. The 2013/2014 financial year saw a record number of data complaints made to the body: over 15,000, a 10% rise on the previous 12 months. In particular, as noted by this BBC report, the study showed a high number of incidents involving local government cases where personal data was disclosed in error. But it all begs the question: why are the number of data complaints rising?
Lack of knowledge and understanding, alongside human error, could go some way to explaining the increase. In Shred-it’s own survey of information security attitudes in the UK – the Security Tracker, published at the beginning of July – we found that there were still some gaps in knowledge.
Our results showed that many companies believe they do not possess any documents that could be considered to be confidential but when every company creates employee records, payslips and client/customer information then this is obviously a serious error. And these are just some of the typical types of documents that could be considered to be confidential, there are many other examples.
Do you take minutes at meetings where the information is business sensitive? Do you print out emails, reports or spreadsheets containing financial data? Do you use a notebook – could you be scribbling down sensitive information without really thinking about it? It’s not just paper documents either. As the BBC pointed out in their report, the ICO even intervened when Staffordshire Police ran a Twitter campaign naming people charged – but not convicted – with drink driving, using the hashtag #drinkdrivers!
It sounds funny but the repercussions are anything but. From a loss of revenue and damage to reputation to losing the trust of customers, employees and shareholders, the risks are great. Did you know that the ICO can fine you up to £500,000 for a security breach? Almost half of the businesses we surveyed in the Security Tracker didn’t!
Another stat from the ICO report to note is that the number of calls to its advice helpline are also rising, by more than 15%. This could mean that businesses are recognising that they need more support when it comes to information security and are asking for help and guidance to ensure that protecting confidential information is a top priority.
When Shred-it launched the Security Tracker, Executive Vice President for EMEA, Robert Guice, called on the Government to place more emphasis on information security, putting it at the top of the business agenda. We’re keen to work with the Government and their official information body – the ICO – to continue to educate and inform businesses in the UK.
What do you think businesses should be doing to stop data security breaches? Tweet us your views @Shredit_UK. Make it your priority to ensure your business is safe from data security breaches and the repercussions from the ICO. Use Shred-it’s DIY security risk assessment to find out what is the level of data security in your business.