Data protection is still high on the agenda for business and continues to remain a hotly debated topic in the press. We recently carried out a survey of EU businesses professionals about attitudes, practices and technologies relating to data security and protection.
One of the most surprising results was that the majority of those questioned (43 percent) cited fear of reputational damage as the major reason to fall in line with data laws, compared to less than a third (31 percent) saying that financial censure is the biggest impetus. I wonder if the same would be true if we asked a similar question in the US?
While the value of reputation should not be ignored, perhaps this result could also indicate that fines are perhaps not stringent enough? Currently, the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy, can impose a maximum fine of £500,000 ($800,000).
Either way, what is apparent is that businesses simply cannot afford – either in terms of cost or reputation – to deal with the potential fall-out from unsafe business practices such as unsecured file sharing and they are clearly looking to governing bodies to take the lead in implementing further, stricter regulation. The vast majority surveyed (57 percent) think the ICO needs to be more aggressive in its approach. This is despite the fact that the UK is seen as having stronger data protection laws than either France or Germany.
But not everything can be laid at the door of regulatory bodies. The survey also highlighted that organizations still need to take more responsibility for their own file transfer practices. Far too many (53 percent) still rely on unsecured procedures for transferring sensitive files to get work done and nearly a fifth (19 percent) admitted to losing critical business documents.
Clearly, businesses need to have systems in place to mitigate security breaches, and – just as importantly - rigorously ensure those systems are appropriately used.
Data protection is not an issue that is going to go away. We urge all organizations to re-evaluate their file transfer methodologies, before they end up paying the price, either in diminished brand reputation, customer losses or financial penalties.
I’ve included the key conclusions from the survey and an infographic below and would love to hear your thoughts, from either a European or US perspective.
- 31 percent of business professionals say that financial censure is the biggest impetus for complying with data protection or staying in line with ICO guidelines, while nearly half (43 percent) cite fear of reputational damage to their brand as the major reason to fall in line
- The survey also reveals that over half of respondents (53 percent) admit to sending business sensitive documents over unsecured email, while nearly a fifth (19 percent) also admit to losing critical business documents
- 64 percent of respondents consider the UK to have the tightest data protection laws, 30 percent name Germany as having the strictest laws, while six percent of respondents believe say that France has the strictest data protection
- Almost three-quarters (71 percent) of respondents believe UK data protection laws should be stronger to protect businesses and consumers
- Over a quarter of respondents (27 percent) have never heard of the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy
More than half (57 percent) agree that the ICO should be more aggressive in its data protection responsibilities