Tuesday, September 23, 2008

Data Loss: How to try to minimise risk, liability and the loss of reputation

There is a growing awareness among various regulators and the general public of data security issues. In the past couple of years there have been several cases in which vast amounts of public data have been misplaced or lost, and very regularly found by members of the general public. This is, as would be expected, a great concern. If we trust organisations to keep our private information, then they should respect this and ensure all data is securely stored. Many organisations have faced substantial fines because of their behaviour with private information.

A study carried out by Ponemon found that 37% of respondents said that they terminated their relationship with organisations because they had received a notification that there had been a breach in their data security.

There are various basic steps which organisations can take to try to avoid such incidents occurring. There should be human and operational controls in place to ensure staff are fully trained and know what they are doing. This is especially the case if third-party companies are dealing with private information. Technical measures, such as audit trails, should be put in place to track information and ensure that contractual requirements are being met. Firewalls, encryption and access control should be put in place to ensure that private information does not get into the wrong hands. Organisations should also ensure they have plans in place in case there is a loss of private information. If the press gets hold of the news that an organisation has lost private data, then its reputation could be wiped out. Therefore organisations should know how to deal with such events to try to limit the damage as much as possible.
