Data loss is increasing…
Last year KPMG reported the worst year for data loss since 2005. More worryingly, if the same data loss trend continues, the number of cases of data loss globally could rise to over 190 million this year. However, if the ever-threatening possibility of data loss isn’t alarming enough, how about adding a large fine as a consequence?
It was revealed last week that the European Commission will pursue a new law that would require most businesses, agencies and organisations in Europe to notify consumers when they lose sensitive customer data. The United States and Japan have had such laws in place since 2003. While it isn’t compulsory at present for European countries, including Britain, to give notification of data loss, some do so voluntarily. One company penalised for such a breach was Nationwide Building Society:
“The British financial regulator in 2007 imposed a £980,000, or $1.5 million, fine on the mortgage lender Nationwide Building Society after an employee laptop with data on millions of customers was stolen.”
So how are organisations reacting to such data security threats?
Businesses fully understand the reputational damage that a data loss incident may bring and are therefore decidedly interested in preventing such incidents. They also realise the reputational risk of neglecting what is a strategic and fundamental business concern: protecting data securely.
So what are the key areas to consider when updating and improving an organisation’s data security and methodology?
It is crucial to include senior management when creating a framework that supports strong corporate governance, assurance, confidentiality and data life-cycle management change. Another key consideration is educating employees and creating awareness of data protection and its importance.
There are 5 key questions an organisation should ask itself to ensure it is using the best methods:
1. Where does your data come from and what is it stored on?
2. How is your data backed up?
3. Is your data backup automated, offsite and encrypted?
4. Do you have a clear disaster recovery plan of what to do should you lose data?
5. Are senior management aware of realistic recovery times in the event of a disaster?
If any of these questions can’t be answered with conviction, then it’s of paramount importance to address your backup and recovery requirements with immediate effect.