It’s a fact of life that people make mistakes. We are all unavoidably imperfect and, therefore, entirely susceptible to forgetfulness and error. Perhaps you forgot to set your alarm clock, spilled coffee on a colleague’s suit – or even left your work papers in a café or bar in your hurry to catch the train home.
It is not entirely surprising, then, that recent statistics from the Information Commissioner have revealed that data breaches in the private sector rose by 58% in the last year. The ICO says that it is satisfied with its progress in raising awareness around data security, but that public confidence in a business’s ability to keep data secure has fallen.
According to research released for National Fraud Prevention Week 2011, a staggering 96% of customers are not confident that firms are taking sufficient action to protect them against security risks and fraud.
The research, by Fellowes Europe, also revealed that only around half (52%) of businesses have policies in place to protect the identity of individuals who have presented their personal details.
A mistake in accounting costs money. A careless social media post or email can cost a company its reputation. A data breach could cost you both.
Common sense alone suggests that company-wide responsibility for data protection should therefore be concentrated in the hands of those with a good overview of all the information moving in, out and around the business.
This includes information held on paper. However, recent research carried out on behalf of the British Security Industry Association revealed that in more than a third of cases (38%) it is the IT manager who takes the lead in ensuring compliance with the Data Protection Act.
IT managers are highly skilled in co-ordinating and protecting digital files, but handling and managing paper documents often falls outside their area of expertise. This is hardly surprising. It follows that IT managers often feel overwhelmed and stressed by the burden of managing information – as reported in CBR in late October.
A good way forward is to introduce a blended digital/paper approach, led by IT, and implemented in collaboration with departments that regularly handle paper-based data – such as HR, sales and finance. This should be actively and visibly supported by senior management. Training is essential: every employee who comes into contact with potentially sensitive data should be aware of the implications involved if this information were to fall into the wrong hands.
It’s crucially important that information security policies are introduced across the business as a whole. For paper documents, this could include restrictions on removing data from company premises (for example taking sensitive paper documents home or printing work emails from a home PC) and standard procedures for filing and storing paper records at the end of a working day.
Busy IT departments might want to consider using a reputable, legally compliant third party to securely remove, archive and, when appropriate, destroy paper documents for the business.
Making data protection an integral part of the daily routine of a business is one of the most effective ways of preventing a serious data breach. Placing the responsibility solely onto the shoulders of the IT department is unfair without the back-up and support of other departments.
Despite the best efforts in the world, there is little IT managers can do on their own to stop a member of the HR team printing off an email containing sensitive customer information, taking it home, and then disposing of it in the kitchen bin.
Effective data management is integral to customer trust and the survival and prosperity of your business. It is vitally important in these increasingly digital times that paper is protected too.
Christian Toon, head of information security Europe at Iron Mountain.