This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Former Information Commissioner claims that poor data cleansing and records management will be the next growth area for data protection

Share this article:

Concerns about data cleansing and keeping records up to date will be the next big growth area in data protection.

According to former Information Commissioner Richard Thomas, now strategy adviser for the Centre for Information Policy Leadership (CIPL) at law firm Hunton & Williams, a data protection requirement is that you take appropriate measures to keep your data secure. The last few years have seen public outcry at data losses from sloppy practices, but he predicted that the next big controversy will be over inadequate data cleansing.

Thomas stated that the challenge for companies is ‘not only to be confidential and secure, but also up to date and accurate'. Thomas said: “As the cost of storage has plummeted people are keeping more and more data. This increases the risk of it being out of date, inaccurate, or no longer relevant. That is going to cause problems for those who are putting data cleansing to one side.”

He argued that companies should create records management policies covering how long they keep data for. “If you are an employer, how long do you keep employees' records on your system? In the old days it was shelf space, and then it was disc space, but now it is so cheap you could keep it forever,” said Thomas.

“I predict that the problems will escalate dramatically over the next few years. There will be scandals where people will suffer real harm from inaccurate data. Companies are not thinking through the issues very well and often have not got good policies in place – How long do we keep customer data? How long do we keep staff data? How long do we keep supplier data? And how do we make sure it is all kept up to date? And if we are still using it, how do we know it is still accurate?”

Bridget Treacy, partner at Hunton & Williams and executive member of CIPL commented that the issues are even more complex when you need to look at different jurisdictions. Treacy said: “We advise a number of clients on their data retention programmes and you have to look at the types of data that they hold, why they need the information, and the relevant laws that apply to their activities in each jurisdiction.

“We then work with clients to create a matrix summarising the different retention periods that might apply.  Clients then decide what is the minimum amount of time they need to keep data for in order to comply with the majority of laws. This is a complex process.”

Thomas claimed that this is ‘a good example of how good data protection requirements make companies think. There are no black and white answers, but you need to balance competing tensions - with some laws saying you must keep data for a minimum amount of time, while data protection says do not go beyond a maximum. You have to justify you approach and find what is right for each type of data.'

“Don't collect it without thinking, don't keep it without thinking and make sure you manage your data actively,” said Thomas.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

UK banks to get independent pen-testing?

UK banks to get independent pen-testing?

The UK's Bank of England (BoE) is reportedly planning to carry out a major pen-testing exercise in the Autumn.

The cloud: rapid adoption and rising levels of attacks

The cloud: rapid adoption and rising levels of ...

Research just published claims to show that there has been a significant increase in attacks against cloud and on-premises IT systems.

Windows XP support to cost £120 a year per machine

Windows XP support to cost £120 a year ...

Microsoft has quietly slashed the cost of continuing to support Windows XP.