It was recently discovered that businesses have been looking to exploit a loophole to avoid paying data breach fines associated with the inadvertent disclosure of sensitive information. Some businesses have been looking closely at a clause that suggests they would not be fined if they volunteered for an audit by the Information Commissioner’s Office (ICO).
Unsurprisingly, some companies are considering keeping quiet about breaches and deleting data trails that prove they were aware of those breaches before ‘voluntarily’ requesting an audit from the ICO.
What businesses may be choosing to ignore is that there is much more to lose from a data breach than money. The consequences of data loss can be far more devastating than a dressing down from the ICO, or even a hefty fine.
Information is the lifeblood that flows through the heart of any organisation. When the information is exposed, either by accident or as a consequence of malicious intent, reputation, customer trust and market share are all put at risk. With such damning consequences, it’s hardly surprising that some businesses might choose to conceal the facts.
However, businesses have more to gain from transparency. The ICO fine system is still in its infancy and continues to develop. Any loopholes can, and will, eventually be closed. This will mean that those organisations that have not committed to preventing data breaches in the first place will pay in the long run when they can no longer hide behind the loophole. They must learn fast from their mistakes and act to shore up their defences.
The need for professional information management within business has never been greater. Just as there is a growing demand for organisations to be held accountable for their environmental and social values, actions and impact, organisations now need to hold themselves to account for the way they handle and manage sensitive information.
Achieving a culture of information responsibility requires training and the support of the whole organisation. The drive and direction for responsible information handling must come from the very top of the business and be backed up by example.
How information is managed has become a boardroom issue, not just in terms of developing company-wide policies, but as an example of best practice in information handling and accountability that sets the tone for the whole business.
With businesses going out of their way to cover up data losses, security breaches going unnoticed and customers not knowing who to trust, make sure your business stands out as a good example, committed to protecting its most valuable asset.
Christian Toon is head of information risk at Iron Mountain, Europe