I had breakfast with Chris Graham, the ICO,
this morning.
Well, he was on TV, warning people to make sure their webcams are
password protected or closed to outside scrutiny. Apparently there is a Russian
website spying on thousands of webcams around the world, a community service provided
just to warn all those shopkeepers and concerned parents about what a
determined hacker can do.
Mr Graham made a good coherent
case when he was talking about lax data security. But he lost me a little bit
when he started talking about punishing the offenders. Essentially he was
saying that any businesses which were lax about this sort of thing and
infringed their customers’ or patients’ rights would be dealt with most
severely. I got the impression that they would definitely be grounded for quite
a long time. Nanny was not very amused.
The BBC moved from Chris to RBS,
who have just been fined another immense sum for cocking up their computer
system. Another regulator appeared to lambast the poor beleaguered bank for not
understanding its IT responsibilities.
I know, it is hard to have too
much sympathy for a banker. They should have the nous and the resources to get
their systems right, but the big fines clearly aren’t acting as much of a
deterrent and maybe the regulators and the government, who ultimately define
their brief, should go back to the drawing board and try educating as well as
regulating.
Data is not taken seriously. It
never has been. Whenever there is a disaster, everyone gets into a right old
two and eight for a day or two, someone gets fined and we carry on regardless. For a business
like RBS, their IT systems and security ought to be top notch, and if they are not,
who is to blame? Obviously the board, who must answer to their shareholders
(mostly us, as we still own 80% of it) for this fine, but the question I would
be asking is which director holds the responsibility and how much clout does he
have at the top table?
The answer is not much; otherwise
these mistakes would not be made. None of us put data very high on our agenda,
so why should we expect big business to do so? Lip service is paid to data
security right from the get go, right up until those hard disks come into our
sphere of influence.
Two things should be much higher
on corporate agendas: data security and sustainability. The only way to achieve
that is to educate people, right from the first time they get an electronic
device which connects to the internet. That way, when Wayne and Waynetta buy
that cot cam to keep a constant eye on little Tarquin, they will understand
that a bored Russian hacker could get past their firewall and have a look at
the Bob the Builder duvet.