Most people work for small businesses. It’s one of those old
clichés but 99.9% of businesses employ less than 250 people, according to the
Federation of Small Businesses, and 59.3% of us work for one of them.
So, rounding up, 6 out of ten people work in a business that
is highly unlikely to have lots of fat hanging around the place developing convoluted
processes and making sure that everything is totally compliant with every
regulation some pesky bureaucrat wants to write from his ivory tower in
Brussels. The staff manual will spend very little time on data security. I have
certainly never come across one that tells people not to store files on their
own hard drive, for instance.
Personally, I could not care less about my staff checking in
on Facebook during their lunch break but I do care about what is on hard drives
and what memory sticks have on them when they walk out the door. And I care
even more if we are about to dispose of anything with a memory or a hard drive.
I am old enough to remember memos. (These were like emails printed out, except they were type-written and not instant. Yes, we did have electricity then. Yes we just about had colour TV.)
I worked for a big company as a management trainee in my
first job when computers were big things fed with punch cards in another
building producing those huge unreadable printouts with the holes down the
side, and any private and confidential documents were typed up and treated like
the Turin Shroud.
Often the director’s secretary would deliver them herself, in
a pink internal envelope rather than the usual beige (because only director’s
produced private and confidential documents of course). They were never left on
desks but filed away like James Bond’s expenses, never to be seen by spotty
trainees like me.
As I rose up the slippery pole of success, I got to send
memos of my own. I never ever had my own secretary but I shared one and it was
quite a thrill to dictate into a little tape machine and get my little missives
back to sign a bit later on (a lot later on if you didn’t butter up the
secretary!).
However, one result of this somewhat convoluted process is that
you only sent a memo if you really needed to. Committing something to paper,
creating a semi-permanent record, was a serious matter and you could not afford
to waste anyone’s time.
How times have changed! We now send an email if the coffee
machine is broken, and copy in just about anyone who might have a hot beverage
related concern. And that is all saved somewhere. It all still exists on those
wretched drives, ready to come back and bite you.
Come to think of it, the contents of my boss’s filing cabinets
were not the most secure places in the world, and a determined thief could no
doubt get in, but there were no data protection laws about burglary at the time
as far as I remember. In fact I am pretty sure data processing was left to
those strange computer operators who worked in that place with the punching
machines and all those tapes, which looked rather like the Tardis. You did not
get fined if someone nicked your personnel records in those days because it
never happened.
Progress has given us new problems. One laptop can quite
easily hold your entire customer database and enough confidential information
to make the Information Commissioner choke on his mid afternoon sherry. (I like
to think he has one. Chris Graham used to work for the BBC after all and he
went to university in Liverpool, so he must have had the odd snifter!)
So, back where I started, how does a small business keep
track of its data and the equipment that holds it, because you can’t just lock
it in a filing cabinet and forget about it anymore? Having a clearly
communicated process about company data, it’s storage and security, including
erasing it from any equipment being refreshed, is at least as important as
telling the staff that they can’t tweet on company time.
Maybe even more important, who knows?
No comments:
Post a Comment