In advance of European Privacy and Data Protection Day on 28th January, new research from Iron Mountain reveals that more than half of UK businesses expect to lose data. The information storage and management company found that the majority of businesses remain unprepared to accept the greater responsibility that the EU wants them to assume to protect the information of European citizens.
A year has passed since the publication of the European Commission's draft revision to data protection legislation, which includes fines of up to one million Euros or two per cent of annual revenue for a data breach. However, these penalties appear to have had little effect on most firms. Two-thirds (66.7 per cent) of UK respondents to the Iron Mountain survey stated that the threat of fines was having little impact on their company’s data protection policies to protect sensitive information.
Despite this claim, 84 per cent of UK survey respondents either have insured or are looking at insuring their business against the financial impact of a data breach. Commenting on the survey findings, Christian Toon, head of information risk at Iron Mountain Europe said, “The fact that more than half of European organisations see data loss as an inevitability is worrying. It illustrates that businesses of all sizes are failing to take appropriate steps to protect information. It seems many would rather insure against the cost of a breach than take steps to prevent it.
“By thoroughly understanding the risks to both paper documents and digital data, and by developing a culture of information responsibility, or what people are calling “Corporate Information Responsibility”, firms can protect against data loss and restrict the impact of any breach to a minimum.”
European Privacy and Data Protection Day on January 28th aims to draw attention to the importance of privacy and data protection. To support the day, PwC and Iron Mountain have launched an online tool to help businesses assess their exposure to information risk. The tool allows businesses to assess where they sit on the Information Risk Maturity Index, which represents a balanced approach to preventing information risk, including measures that evaluate strategy, people, communications and security. The Index is based on a set of indicators that, if put in place and frequently monitored, will help protect the digital and paper information held by an organisation.