26 Nov 2008
Chief executives should be held responsible for data breaches, according to the results of a new vnunet.com poll.
Despite high-profile incidents such as the TK Maxx data breach and HM Revenue & Customs' (HMRC's) two lost CDs, it is clear that many organisations still have a lax approach to protecting customer details as data losses continue to occur on an alarmingly regular basis. We polled vnunet.com readers on what would be the best approach to ensuring firms take personal data security seriously.
Of the almost 500 readers who responded, 43 per cent (208 respondents) felt that the buck should stop at the very top with chief executives being held directly responsible for data breaches. Measures suggested in the past have included prison time or personal fines.
Almost a third of readers preferred the idea of hitting firms where it really hurts – in the wallet. Thirty-two per cent (153 respondents) said slapping fines on organisations that lose customer details was the best approach to forcing improvements to data protection.
A smaller proportion favoured a legal approach: 16 per cent (78 respondents) called for the introduction of US-style data breach rules, which oblige firms to notify customers of any security lapses that could put them at risk.
Somewhat surprisingly, the option of customers voting with their feet gained little traction among readers. Only nine per cent (44 respondents) felt that boycotting firms with poor security records would have an impact.
As part of the government response to the ongoing issue of data breaches, this week it was revealed that Information Commissioner Richard Thomas has been granted new powers to help prevent further data losses.
Meanwhile, this month marks the one-year anniversary of the HMRC data breach, details of which first surfaced on 20 November 2007. It was this breach that proved the catalyst for the huge public sector data protection shake-up of the past year.
But what course of action is best?
It's clear from this research that organisations agree about the need for action to prevent data breaches. What seems unclear is the best course of action. There are three major contributing factors to data breaches. First, there's an institutionalised lax approach to data security, where staff do not fully understand how to handle sensitive data. Second, there's no technology in place to manage which computer users are able to copy confidential data to removable media devices like laptops or USB sticks. Third, data that's legitimately copied to such devices isn't adequately protected. These contributing factors mean that no single measure will bring an end to data losses. While drastic action such as legislation and severe fines will shock companies into taking the issue more seriously, there needs to be a change in attitude throughout organisations. All employees need to be educated about the risks associated with handling sensitive information and the importance of securing confidential data. Additionally, the right technological methods of protection need to be in place on the rare occasion there's a real business need to transfer data of this nature to a third party. I would insist on the data being encrypted with a 256-bit cipher and that it's sent by a private courier (or preferably an employee) direct to its destination.
Posted by: Matt Fisher, FrontRange Solutions 27 Nov 2008
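The comment above recommends encrypting data with a 256-bit cipher before it is copied to removable media and sent to a third party. The following is an added example, written for this page and not code from vnunet.com or from the commenter, showing what that looks like in practice with AES-256-GCM from the Go standard library. The CSV payload is a constructed sample, and the function names (NewKey, Seal, Open, RoundTrip) are this example's own. GCM is chosen because it authenticates as well as encrypts: a CD or USB stick that was altered in transit is rejected at the destination instead of decrypting to corrupted records. The key is never stored alongside the ciphertext; in the courier scenario the comment describes, it would travel by a separate channel.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// samplePayload is a constructed stand-in for a customer-data export.
const samplePayload = "customer_id,name,postcode\n1001,A. Example,AB1 2CD\n"

// NewKey returns a fresh 256-bit AES key from the OS CSPRNG.
// The key must be delivered separately from the encrypted media.
func NewKey() ([]byte, error) {
	key := make([]byte, 32) // 32 bytes = 256 bits
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM rejects anything other than a 256-bit key so a weaker key
// cannot be used by accident (AES-128 would also be accepted by aes.NewCipher).
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM using a random nonce.
// Output layout: nonce || ciphertext || authentication tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open authenticates and decrypts a blob produced by Seal.
// Any modification of nonce, ciphertext or tag makes it fail.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// RoundTrip models the transfer: encrypt before the data leaves, decrypt at
// the destination, and confirm that a single flipped byte is rejected.
func RoundTrip() (recovered string, tamperDetected bool, err error) {
	key, err := NewKey()
	if err != nil {
		return "", false, err
	}
	sealed, err := Seal(key, []byte(samplePayload))
	if err != nil {
		return "", false, err
	}
	plain, err := Open(key, sealed)
	if err != nil {
		return "", false, err
	}
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // corrupt one byte of the tag
	_, tamperErr := Open(key, tampered)
	return string(plain), tamperErr != nil, nil
}

func main() {
	recovered, detected, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %d bytes; tampering detected: %v\n", len(recovered), detected)
}
```

Encrypting the export is the easy half; the harder half, which the commenter's courier suggestion speaks to, is keeping the key off the same disc. A receiver who holds only the media cannot read it, and a receiver who holds only the key has nothing to decrypt.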