In the UK this week, some changes have come into force regarding the Data Protection Act. Perhaps the most significant change is the level of financial penalty for those companies who do not comply with the Act, which has risen to a maximum of £500,000.
At Clearswift we have been in the business of helping companies protect their data for over two decades. With the introduction of these higher financial penalties, organisations can no longer ignore the seriousness of corporate data breaches. The loss of personal data, or any data that organisations deem invaluable, is unacceptable, mainly because it is all preventable.
The term ‘accidental’ is often used by companies to highlight why things have gone wrong – but this just means that the data security policy was not defined, not shared or not enforced. We need to stop thinking about security as walls, moats and fortresses and move data security away from the IT department so that there is a real view of permissions and controls across the business, depending on the sensitivity of the information.
A lockdown approach won’t work, as it stops businesses from functioning and people will go to all kinds of lengths to get around it. A new approach to security means understanding how an organisation works with and needs information, then ensuring that it can be accessed and protected in equal measure.