I saw Pink Floyd’s The Wall at Earl’s Court on the first tour after its release. No idea why. Never liked Pink Floyd really. But we all remember the hit single, don’t we? I sometimes wonder if the choir insisting that they ‘don’t need no education’ were a group of small businessmen and women. Not the vertically challenged you understand, but the very lifeblood of our business communities, the people who create wealth and new jobs to drive the economy forwards, the much-derided SME.
Over far too many years I have worked closely with a lot of small businesses. Most are dynamic, hard working teams focussed on their own particular speciality...and therein lies the problem of course. It is that focus on their day to day existence which exposes them to ignorance in other important areas and responsibilities. Most are reasonable and intelligent people, and if you can sit them down and explain something to them they get it and will do the right thing. But getting their attention is often hard, and if they can’t appreciate the risk of not doing something they don’t usually see much of a reason to waste their time doing it.
Data Protection and Data Security unfortunately fall into this category. Most SME’s take the view that the laws don’t really apply to them. If you are little, or comparatively little, you will get away with murder, figuratively speaking.
And the annoying thing is that they are right, of course. I can categorically assure you that small companies take absolutely no notice of the regulations designed to reduce unsolicited marketing campaigns for instance. They will use any data they can get their hands on, because the chances of them getting caught and punished is so infinitesimally small that they just don’t give it a second thought.
Yes, I know that is a sweeping generalisation but it is predominantly true nevertheless. They don’t do it deliberately per se, they just don’t know the ins and outs and don’t think that their little mailshot counts.
The fact is it does count and although relatively few businesses are punished by the Information Commissioner, they are still breaking the law. But until someone tells them, and helps them do things properly, they are not aware of the risks.
The government needs to educate as well as regulate and legislate. If we want better data security all business owners need to be aware of what they should be doing and why. Speaking to SME’s about ITAD is a chastening experience. The vast majority do not know what to do. In very many ways, that is why we started this humble blog.
Explaining it on the ICO website is not enough. If we really want to protect data and ensure it is being used and disposed of correctly, we need to educate the SME.