Research shows that UK consumers want tougher regulations for organisations that lose customer data. In a poll of 5000 consumers, four out of five respondents felt that companies should be subjected to a US-style breach disclosure law, forcing them to publicly declare data loss incidents.
Consumers were in no doubt about the need for stronger government intervention with 70 percent believing there needs to be more prescriptive regulations. Many thought there should be tougher penalties with 62 percent feeling that organisations should receive large fines and 31 percent going as far as to suggest company directors should be subject to criminal proceedings.
Responding to the recent European Commission (EC) personal data protection strategy document, the European data protection supervisor came out in support of wide-ranging reform of data protection laws including the implementation of mandatory data breach notifications.
The research suggests there is solid public support for such moves. Data released by the Information Commissioners Office (ICO) shows that data breaches are still rife in the UK, and this seems to have lead to a change in the public mood. There is now a common desire to see definite steps taken to force organisations to clean up their act.
This hard-line attitude toward data breach appears to stem from the public’s lack of confidence in organisations’ abilities to protect the personal information they hold. 63 percent of respondents were concerned that they may become a victim of identity theft through no fault of their own, while half believe neither public nor private sector organisations have sufficient security measures in place to adequately safeguard sensitive data.
This lack of public confidence is something that businesses and the Government need to address fast. Our findings show that when people hear about the loss of confidential information they will actively avoid the organisations involved – 66 percent stated they would try to avoid future interactions, while 17 percent were adamant they definitely would not have anything more to do with the guilty party,
The message to organisations couldn’t be clearer: those taking a lax approach to data security won’t just lose face, they will also lose customers.
Solving this problem will require a new perspective to be applied, not only to data security, but to IT as a whole. It is simply not possible to guarantee the security of systems and data without providing organisations with the ability to take a unified view of their entire IT infrastructure. IT systems generate log data constantly but too often this information is managed in an inefficient and disparate manner.
By deploying an intelligent, automated and centralised log management solution, organisations can be constantly aware of the smallest changes that occur across their IT systems. This includes files being altered or copied to an external storage device, or malicious external threats trying to gain access to data. Only by attaining a deep insight into what is occurring internally will businesses and public sector organisations be able to truly secure their IT systems and regain the public’s trust.