Most people work for small businesses. It’s one of those old clichés but 99.9% of businesses employ less than 250 people, according to the Federation of Small Businesses, and 59.3% of us work for one of them.
So, rounding up, 6 out of ten people work in a business that is highly unlikely to have lots of fat hanging around the place developing convoluted processes and making sure that everything is totally compliant with every regulation some pesky bureaucrat wants to write from his ivory tower in Brussels. The staff manual will spend very little time on data security. I have certainly never come across one that tells people not to store files on their own hard drive, for instance.
Personally, I could not care less about my staff checking in on Facebook during their lunch break but I do care about what is on hard drives and what memory sticks have on them when they walk out the door. And I care even more if we are about to dispose of anything with a memory or a hard drive.
I am old enough to remember memos. (These were like emails printed out, except they were type-written and not instant. Yes, we did have electricity then. Yes we just about had colour TV.)
I worked for a big company as a management trainee in my first job when computers were big things fed with punch cards in another building producing those huge unreadable printouts with the holes down the side, and any private and confidential documents were typed up and treated like the Turin Shroud.
Often the director’s secretary would deliver them herself, in a pink internal envelope rather than the usual beige (because only director’s produced private and confidential documents of course). They were never left on desks but filed away like James Bond’s expenses, never to be seen by spotty trainees like me.
As I rose up the slippery pole of success, I got to send memos of my own. I never ever had my own secretary but I shared one and it was quite a thrill to dictate into a little tape machine and get my little missives back to sign a bit later on (a lot later on if you didn’t butter up the secretary!).
However, one result of this somewhat convoluted process is that you only sent a memo if you really needed to. Committing something to paper, creating a semi-permanent record, was a serious matter and you could not afford to waste anyone’s time.
How times have changed! We now send an email if the coffee machine is broken, and copy in just about anyone who might have a hot beverage related concern. And that is all saved somewhere. It all still exists on those wretched drives, ready to come back and bite you.
Come to think of it, the contents of my boss’s filing cabinets were not the most secure places in the world, and a determined thief could no doubt get in, but there were no data protection laws about burglary at the time as far as I remember. In fact I am pretty sure data processing was left to those strange computer operators who worked in that place with the punching machines and all those tapes, which looked rather like the Tardis. You did not get fined if someone nicked your personnel records in those days because it never happened.
Progress has given us new problems. One laptop can quite easily hold your entire customer database and enough confidential information to make the Information Commissioner choke on his mid afternoon sherry. (I like to think he has one. Chris Graham used to work for the BBC after all and he went to university in Liverpool, so he must have had the odd snifter!)
So, back where I started, how does a small business keep track of its data and the equipment that holds it, because you can’t just lock it in a filing cabinet and forget about it anymore? Having a clearly communicated process about company data, it’s storage and security, including erasing it from any equipment being refreshed, is at least as important as telling the staff that they can’t tweet on company time.
Maybe even more important, who knows?