Security smokescreen: the hidden truth

Imagine you lost a data stick containing confidential customer information and are facing a fine that could, potentially, cost your business 2% of its annual turnover. Now, imagine you had the chance to cover it up and pretend it had never happened. Would you take it?

by Christian Toon
Last Updated: 09 Oct 2013

It was recently discovered that businesses have been looking to exploit a loophole to avoid paying data breach fines associated with the inadvertent disclosure of sensitive information. Some businesses have been looking closely at a clause that suggests they would not be fined if they volunteered for an audit by the Information Commissioner’s Office (ICO).

Unsurprisingly, some companies are considering keeping quiet about breaches and deleting data trails that prove they were aware of those breaches before ‘voluntarily’ requesting an audit from the ICO.

What businesses may be choosing to ignore is that there is much more to lose from a data breach than money. The consequences of data loss can be far more devastating than a dressing down from the ICO, or even a hefty fine.

Information is the lifeblood that flows through the heart of any organisation. When the information is exposed, either by accident or as a consequence of malicious intent, reputation, customer trust and market share are all put at risk. With such damning consequences, it’s hardly surprising then that some businesses might choose to conceal the facts.

However, businesses have more to gain from transparency. The ICO fine system is still in its infancy and continues to develop. Any loopholes can, and will, eventually be closed. This will mean that those organisations that have not committed to preventing data breaches in the first place will pay in the long run when they can no longer hide behind the loophole. They must learn fast from their mistakes and act to shore up their defences.

The need for professional information management within business has never been greater. Just as there is a growing demand for organisations to be held accountable for their environmental and social values, actions and impact, organisations now need to hold themselves to account for the way they handle and manage sensitive information.

Achieving a culture of information responsibility requires training and the support of the whole organisation. The drive and direction for responsible information handling must come from the very top of the business and be backed up by example.

How information is managed has become a boardroom issue, not just in terms of developing company-wide policies, but as an example of best practice in information handling and accountability that sets the tone for the whole business.

With businesses going out of their way to cover up data losses, security breaches going unnoticed and customers not knowing who to trust, make sure your business stands out as a good example, committed to protecting its most valuable asset.

Christian Toon is head of information risk at Iron Mountain, Europe
