Data security is an ever-expanding
nightmare. You are liable. Yes you. For everything. Or rather you are
if you are the nominated data controller for your company. Soon there will also
be a defined board responsibility too. We are months away from someone getting
thrown in the clink because Mavis in accounts thought she was checking her
Twitter account and ended up posting the database to North Korea by mistake.

Do you remember the good, old-fashioned
western? The sort of film where the sheriff, in an effort to clean up his town,
made all the cowboys leave their guns at the jailhouse. Our offices will be
like that one day...mobile phones left in lockers until the end of the
day...rather like school. Because a smartphone is a data breach waiting to
happen, and companies will only want their staff using company-owned (and
regulated/controlled) kit on the wifi.

Which will drive their employees
mad, and cause them to break the rules and sneak their beloved phones in
anyway. It is all a recipe for disaster, not to mention dissatisfaction and
angst.

However, we need to remember why
this is all such a concern, and then apply it to all areas of the IT minefield,
including asset disposal at end of life. It’s all about the data, and the harm
that can be done if that data falls into the wrong hands. It could be data
about you and me as consumers, as patients or pupils. It could be bank details,
and therefore access to our worldly goods, or it could be medical records,
criminal records, confidential information we would not like anyone else to
see. In law, this data is enshrined and protected, so the person who loses it,
or negligently lets it get lost, is liable to do twenty years in Pentonville.

But oh how blasé we all are about
data! Come on, admit it, you know it’s true. I am a salesman and have been for
over thirty years. I have been adding information to databases throughout that
time I suppose, starting with a pen and a Rolodex and ending up with salesforce.com
and all manner of other CRM systems. So I know what it is like, and although I
no doubt tried to enter the right information at the time, we all know there is
a lot of garbage in there. And of course if it isn’t all used on a regular
basis, even good information turns to garbage. B2B data decays at the rate of
about 30% a year, as companies close, move or merge, and people leave. And yet,
lose that pile of old misspelt names and bounce back email addresses and you
will feel the long arm of the law on your shoulder in next to no time.

I suspect that the latest plans
to make a director of any company or organisation directly responsible for data
security will wake a few people up. I have been a director of a limited
company, and signed all the forms for Companies House, and I remember reading
through the responsibilities. It was hard not to take them seriously. I
sincerely hope that will be the case.

Because the current situation
really is a bit of a worry. The penalties are there and the regulations are
there but there is a lack of understanding and appreciation not only of the
risks but of the solutions. We start with subject knowledge at ground zero, so
there really is only one direction to go and that is up!

We need to educate. I know it is
a fairly dry subject but just think about it. Do you search your staff when
they leave the building for a USB memory stick? Do you make sure every printer
has its memory dealt with when you get rid of it? What do you do with the
company mobile phone handsets when you upgrade? It’s not just all about
computers and hard drives anymore.

We are going to have to change.
Data has got bigger but you can now steal it on a stick which you can hide in
the smallest of orifices. You can attach a file to an email and post it out.
Or you can let that nice man take those 5 broken desktops and find your
database on eBay the next day.