Public Administration News
Share
 |
Data Protection – a Case for Personal Pride |
| Source: |
http://www.publicservice.co.uk/feature_story.asp?id=20639 |
| Source Date: |
Thursday, September 13, 2012 |
| Focus: |
ICT for MDGs
|
| Country: |
Global |
| Created: |
Sep 17, 2012 |
|
The best way to protect information and avoid corporate espionage does not rest in its controlling storage, access and security - staff should be encouraged to take personal ownership and responsibility, says one specialist
Corporate espionage is a term that conjures up a world of high-tech gadgets, intelligence agents in trench coats and organised criminal gangs. A world far removed from every-day life at the office – or is it? Companies today are spending an estimated £65bn dealing with an on-going war against malicious outsiders, intent on accessing their information. However, corporate espionage covers a broad range of activity, not all of it obviously criminal or malicious. There are many kinds of information and many ways of obtaining it. Companies often ignore the risk presented by paper and can lose sight of the serious threat posed, often without intention, by their employees.
Public sector organisations that handle sensitive data – from immigration decisions and medical records to tax records and financial data – need to ensure they have robust policies and processes in place for managing and tracking information, and that their staff are trained to use these processes.
A recent Iron Mountain study revealed that office workers often form their own opinion as to what they can and cannot do with their employers' confidential and sensitive information. It revealed that one in three (32 per cent) employees were found to have taken or forwarded confidential information out of the office. However, when people change jobs, highly sensitive information is particularly vulnerable. More than a half of European office workers, who take information from their current employer when they switch jobs, opt for confidential customer or client databases despite data protection laws forbidding them to do so.
Securelist has drawn up a list of 'insider' profiles to help companies recognise and understand high-risk groups. This includes: "the careless insider" – defined as a non-managerial employee who leaks information unintentionally; "the naïve insider" – vulnerable to unscrupulous 'market research' or other confidence trick activity; and those who leak information maliciously, including "the saboteur" – often a disgruntled employee who feels passed over, and "the disloyal insider" – generally someone about to leave the company.
The Iron Mountain survey asked office workers across Europe what they would do if they had the chance to discover confidential information about a rival company. 69 per cent of employees in France would seize the chance to discover confidential information, compared to 57 per cent for Spain, 50 per cent for the UK and 33 per cent for Germany. Office workers in Germany were also the most reluctant to share their insight, with just under a third (32 per cent) saying they would do so, compared to 51 per cent for the UK, 61 per cent for France and 63 per cent for Spain.
When compared against some of the other survey results, the findings suggest a direct correlation between employee behaviour and the existence and communication of corporate guidelines. For example, respondents from Germany were the most likely to say it was always made clear when their own company information was confidential (67 per cent of employees, compared to 56 per cent for the UK and Spain and just 49 per cent for France), and an overwhelming 80 per cent said they were aware of company guidelines about what information could or could not be removed from the office, falling to 66 per cent for the UK and just over half of respondents in France and Spain (57 and 56 per cent).
No public sector organization can afford to fall short of acceptable standards with regard to managing our personal information. Minimising the risk of a data breach must now be made a sector-wide priority. The price of failure may well include reputational damage to the entire sector, and this could prove far more costly than any ICO fine.
The message? Measures put in place to protect confidential information from leaking out of the company also appear to foster a code of conduct that employees apply to information belonging to other organisations.
The line between ethical/unethical behaviour will remain a blurred one. While most of us would draw the line at breaking and entering a company's premises to deliberately remove or copy confidential information, between the two extremes there is a grey area where people are led by their personal moral code.
In other words, the most effective information management guidelines are not just those that protect information by controlling its storage, distribution, access, security and destruction; or even those that best educate employees in how information can inadvertently be revealed. They are those that encourage employees to feel a sense of pride in, personal ownership of, and responsibility for the company's information.
|
|
|
|
|
|
 Tag This |
Data Protection – a Case for Personal Pride The best way to protect information and avoid corporate espionage does not rest in its controlling storage access and security - staff should be encouraged to take personal ownership and responsibility says one specialist
 Tell A Friend |
 del.icio.us digg this Slashdot |
| Rate: |
0 ratings
|
Views: |
268 |
| Comments: |
0 |
Bookmarked: |
0 |
Tagged: |
0 |
|
|
|
|