Will a day of awareness raise the level of data privacy?

Opinion by Dan Raywood

When it came to coming up with a topic for this week's review, the subject of data privacy and how we are now living in a more digital age and the challenges that are posed by that, hung heavy in front of me.

When it came to coming up with a topic for this week's review, the subject of data privacy and how we are now living in a more digital age and the challenges that are posed by that, hung heavy in front of me.

After all, this week saw not only the announcement of Lord Carter's report on ‘creating a Digital Britain', but also the annual data privacy day on Wednesday. The former caught my attention to a slight extent, and I guess the cynic in me took a critical view of it.

Is there really a need for the UK population to be made more aware of data privacy? Well the answer is probably yes; regardless of how many data breaches are reported there seems to be no end to what is fast becoming a bit of a national problem.

So, if it is important to raise awareness of data privacy among the UK population, is creating this unofficial national event the right way? If so, my ‘data privacy day' greetings cards are probably stuck or lost in the post.

In all seriousness though, what we need to protect and how we do it should be a priority for any regular computer user - whether they are at work or at home – and if they don't know anything or enough about it, then this day should have helped to stir them into action.

As part of the ‘celebrations' to mark data privacy day, Symantec reported that over 35 million personal records were lost in the UK last year, and with more breaches already unearthed this month it claimed that there is more that needs to be done to protect data.

Guy Bunker, chief scientist at Symantec, said: “While it's great that data losses are being highlighted by this day, it is vital companies ensure data privacy is at the forefront of their minds every single day.

“The US takes data breaches very seriously and its legislation enforces punishment on any company that puts customer data at risk. In the UK we have no such laws. If the problem is not taken seriously, data loss incidents do not only create a huge financial burden, but can also cost the company's reputation."

So why does the US takes this so seriously, and yet in the UK there is more of a relaxed attitude? It was Pink Floyd that coined the phrase ‘hanging on in quiet desperation is the English way', is this reflective of our attitude – that typical way of not wanting to be too blasé, not changing our ways or as is appropriate in this case, not embracing new technology?

Dave Martin, managing security consultant at Logica, claimed that there is a varied European culture as to what is considered sensitive information.

He said: “For example, in the UK, salary information is considered to be sensitive, whereas in Iceland and other Nordic countries, all tax records are publicly available so anyone can see how much tax you pay and can potentially deduce your earnings.

“Likewise, in Iceland, it is possible for anyone to access free of charge, the details of everyone living at a particular address as well as mobile phone numbers; this is simply considered the norm.”

If this is a case of people just not being aware, perhaps Simon McDougall's, from Deloitte's technology risk team, comments that ‘with innovations in technology and waves of new regulation, the challenges in managing privacy are becoming more and more complex' ring true.

Symantec also offered further statistics on the attitudes of businesses and consumers on online risks, and the amount of data held about consumers. It found that four out of five people believe their personal information is not secure in the hands of companies that hold it. Lumension Security meanwhile, claimed that 67 per cent of organisations do nothing to prevent confidential data leaving the premises on USB sticks and other removable devices.

Perhaps an even more alarming statistic came from Symantec, when it revealed that 89 per cent of the respondents believe that reckless or repeated data breaches should be criminal matter and punishable by imprisonment.

This may be a knee-jerk reaction to events such as the loss of a USB stick containing children's details, or the HMRC data loss incident, but when it comes to the loss of data that involves the details of children, military personnel or vulnerable people, it does result in a rise in emotion to protect those affected.

However, the statistics also claimed that four out of five people believe that it should be a ‘one strike and you're out rule' when it comes to data loss – meaning that people and companies should get their act together - perhaps the government is listening and taking these opinions into consideration.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events