Two-thirds of British businesses have been prompted to re-think their data protection strategy by 2014’s headlines.
According to a Trend Micro survey of 850 senior IT decision makers across Europe, 68 per cent are rethinking their data protection strategy, while 24 per cent are not. Rik Ferguson, vice president security research at Trend Micro, said: “That businesses are being prompted by news coverage of big breaches suggests that the current penalties aren’t doing their job. Driving change is what the fines are meant to do: the financial incentives aren’t big enough at the moment.”
In an effort to protect themselves against these threats, the majority of UK organisations have increased staff awareness about data security (72 per cent) or implemented encrypted passwords (60 per cent). Around half (47 per cent) have implemented remote wipe technology for lost devices, while a third (32 per cent) have implemented advanced technologies to identify intruders on the network that might steal data.
In an email to IT Security Guru, Jonathan Baines, chair of the National Association of Data Protection Officers (NADPO), said that while one would prefer that all organisations keep their data protection strategies under constant review, it was quite reassuring that considerably more than half have this on their radar.
He said: “It’s very difficult for organisations to know how to plan strategies, because the future is still uncertain. It’s now two-and-a-half years since the General Data Protection Regulation proposals were first published, and although both the outgoing (Viviane Reding) and incoming (Martine Reicherts) European Justice Commissioners are bullish about the Regulation being passed soon, organisations could be forgiven for hanging back on major strategic reviews until there is more certainty.”
The survey also found that 18 per cent of Brits feel that the Data Protection Directive (DPD) will prevent organisations from “losing or illegally collecting data about European citizens”, while a third (32 per cent) of respondents do not have a formal process in place to notify customers in the event of a data breach.
Ferguson said: “Awareness is growing among companies that the new EU data legislation will have a significant impact on their businesses, but there is still some way to go. It’s frightening considering how close it is and how little some organisations know.
“Large enterprises are aware they have to be compliant, but smaller organisations don’t have the right people looking at it. Ultimately it’s the government’s responsibility to make sure that business is aware of what this means, but whether that’s the UK Government or EU government is a key question.”
Baines said that while the 18 per cent was the lowest in Europe, Brits are perhaps being a bit optimistic. “Data Protection law provides a framework for protection of personal data, and an enforcement mechanism in the case of non-compliance. What it can’t do is give guarantees against human error, or human misdoings, or organisational failings. I doubt they will ever go away,” he said.