Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

IT Governance report talks of complacency culture

IT Governance : 09 July, 2008  (Technical Article)
Report on trends and best practices concerning data breaches examines both the commercial and government sectors where complacency is commonplace
The only way to avoid further disastrous losses of individuals' sensitive private information is to immediately commence a comprehensive overhaul of the way Central Government staff manage confidential personal information, warns leading UK compliance specialist IT Governance The loss of millions of child benefit records by HM Revenue and Customs, and the mislaying of laptops and security dossiers by MoD staff, are part of the same problem - institutional failures to define and implement basic compliance procedures in line with the requirements of the Data Protection Act (DPA).

However, it is not just major Whitehall departments at fault - the recent IT Governance Best Practice Report, Data breaches: Trends, costs and best practices, indicates that there is a culture of complacency in the commercial sector as well, which also has a lax attitude to protection of client information and data-handling procedures.

Complying with the requirements of the DPA - the core UK legislation around data protection - is a key challenge for Whitehall departments and commercial organisations alike. A much tougher regulatory regime is now coming into place, which builds on the major fines recently levelled by the Financial Services Authority, such as the £980,000 penalty served on the Nationwide Building Society and a £1.26 million fine incurred by Norwich Union - both criticised for failing to adequately protect personal data. Added to this, there is the recently passed Criminal Justice and Immigration Act, which brings in a regime of 'substantial' fines for organisations that fail to meet their compliance obligations.

"Last week's Poynter report confirms what has been plain to anyone following the string of data losses occurring in the public sector," said Alan Calder, Chief Executive of IT Governance. "These aren't just the acts of rogue employees, and it frankly beggared belief that this was the original explanation offered for the HMRC fiasco. Instead, they are symptomatic of a continued failure to embed data security procedures and training into the organisational culture. We can only hope that this report might finally make Whitehall wake up and smell the coffee that has been so clearly brewing for years."

"The reasons for changing the way in which both public and private sector organisations manage information compliance are compelling," warns Calder. "The high-profile data-handling fiascos of recent months have underlined this. Leaders have, for too long, been ignoring the importance of protecting personal data, and urgent attention to both the spirit and the letter of the law is urgently required."

"Fixing these problems calls for more than some extra IT investments. There is a root and branch managerial job to be done to achieve data protection compliance, involving training, process change and the adoption of best practices. And yet, compared to many of the investments made by government departments and companies, this all comes at a bargain price. It isn't a matter of choice - the public and private sectors owe it to us, as their customers, to protect our data. Hopefully, the embarrassment caused by this report will have the positive side-effect of prompting a drastic rethink by all organisations working with client data. Any organisation not addressing its information security needs with a formal compliance regime is plainly risking not just horrendous financial penalties - it's putting its very survival on the line."

IT Governance's DPA Compliance Assessment Tool provides an easy-to-use way to assess an organisation's current level of compliance with the Data Protection Act. Its DPA Compliance Toolkit offers all the essential templates and tools, to greatly simplify and speed up the task of compliance.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo