Data Privacy and Security

Tech and Employee Education Must Work in Tandem to Drive Down ICO Data Complaints

The Information Commissioner’s Office released its annual report yesterday, revealing a significant increase in the amount of data protection cases brought to its attention. The privacy watchdog claims to have experienced a record number of cases over the past 12 months, with 15,492 complaints filed (an increase of 10% on last year) as well as a 15% increase in the number of calls to its helpline. This escalation, added to a spate of high-profile cases and the increasing complexity of data storage, has led to Christopher Graham, the information commissioner, to call for greater funding for the body, stating that the regulator needs “stronger powers”.

Data breaches and leaks that hit the headlines often focus on hacking – take the recent eBay and Target hacks for example. We also often hear about how the changing face of information through the likes of Facebook, care.data and Google is complicating organisations’ use of data, making them vulnerable. However, one issue that is often overlooked is the ‘human factor’ involved in data breaches - the reality is that an employee is often the weakest link when it comes to a business’s data security. Through carless ‘everyday’ actions, such as leaving a mobile phone on the train or downloading potentially dangerous apps onto a corporate device, data is lost or stolen from organisations with frightening regularity. This is illustrated further by research we carried out into employee attitudes to corporate mobile devices and data theft - it found that 23% of employees don’t think the data stored on them is their responsibility.

We’ve seen this ‘human factor’ make a significant contribution to the ICO’s distribution of £1.97m in punitive fines to numerous public and private companies this year. Examples of this happening due to human error include small business Java Transport and Aberdeen City Council, which have lost data by accidentally losing a hard-drive containing customer information and uploading sensitive documents to a public website, respectively. Such examples should be a warning to businesses that they need to make employee training and education a priority, so they don’t hit the headlines themselves.

It’s clear that businesses need to increase focus on educating their employees in order to impose a culture that combats the very real threat of a data breach. While there are technological solutions that can offer a quick fix, there needs to be work done on a granular level to educate the business world on the threats and implications of data loss. You can apply technology to control data, but ultimately the weakest link may be the psychology and culture of a business. Employees must be informed about data security - the more that their perception of the risks can be aligned with the potential impact on the company, the more likely it is that a business will be able to create a secure environment. While technology solutions can help keep critical information safe it is important that tech works in tandem with education of staff in order to create a robust, water-tight data protection policy. This kind of strategy will help slow the rapid rise in data complaints dealt with by the ICO.


Stephen Midgley is VP Global Marketing at Absolute Software


« Are Bitcoins Likely to Penetrate East Africa?


IBM and Apple Make Sense Together This Time Around »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?