Preventing careless data breaches – who’s responsible?

Stories of ‘yet another IT security lapse by company X’ are hitting the headlines far too often, each time raising the alarm about how little is being done to protect commercially sensitive data on mobile devices and the hidden costs associated with this negligence.

 Some recent victims of laptop security breaches include organisations in the retail, banking, public sector and local government markets.

One local council had an employee laptop, containing the personal details of staff and former personnel, stolen during a street robbery.

The council subsequently notified all affected staff and set up a hotline offering advice on how to protect themselves from potential identify theft.

Security breaches resulting from lost or stolen laptops can result in serious penalties, including heavy fines or permanent bans from obtaining and holding customer details in the future.

This demonstrates the severity of such laxity in the eyes of regulatory bodies. Ineffective security policy enforcement can have a detrimental impact not only on the organisation but also on public confidence in personal data protection and the individuals’ rights to privacy.

The threat of laptop breaches is even greater considering the startling number of management executives that are still unaware of the responsibility they have towards the protection of information held on them under the Data Protection Act (1998).