Well, January is nearly over and it’s time to look at all the research that’s been produced over the past year to try and draw meaningful and usable statistics...
I do this very selfishly before starting in anger on the conference circuit, as I like to have up-to-date figures and stats in my presentations (and let’s face it, we all love numbers! ;-)
Today, I focus on the research produced by the UK Information Commissioner's Office (ICO) in the two following reports: "Report on Information Commissioner's Office Annual Track 2011 - Individuals" and "Report on Information Commissioner's Office Annual Track 2011 - Organisations".
Since the revised Data Protection Act came into force in 1998, the ICO has monitored awareness and understanding of this legislation amongst individuals and organisations in both the public and private sector. The studies were conducted amongst approximately 2,500 individuals and 400 public and 400 private sector organisations, with an even split between small and large businesses.
Security as a social concern, what the numbers say...
- Individuals are mostly concerned about the passing or selling of their personal details to other organisations (97%), with security of their personal information coming second at 96%;
- 93% of individuals believe that organisations request too much personal information (remember, if you don’t need it, don’t ask for it, and certainly don’t keep it!);
- 83% of individuals believe that organisations keep their information for too long (when’s the last time you looked at that retention policy?...);
- 74% of individuals believe that online companies do not collect and keep their personal details securely, and 81% are concerned about organisations collecting and keeping their details online (if you do one thing today, give your web developers the OWASP Top Ten, it’s FREE!);
- 66% of individuals believe existing laws and practices do not provide sufficient protection for their personal information (well, EU breach disclosure and data protection laws will soon see to that...).
It was also interesting to note that individuals mostly rely on the media (41%) and their workplace (21%) for awareness of data protection issues (how is your training programme shaping up?).
Another interesting snippet is that individuals mostly rely on their Citizens Advice Bureau for advice on information protection and the DPA (60%), with the internet and a solicitor in joint second place at about 19%, and very few were aware of the ICO.
So for all you marketing people out there, look at the figures, they are compelling: people think security is important, use it! Also, go and find out where your customers go for advice, it may surprise you...
Security as a corporate concern, is it any better now?...
Well, rather than pondering at length, I think the table below speaks for itself:

What obligations are you aware of that organisations have to comply with when processing personal information?

| Obligations (unprompted) | Public sector: Large | Public sector: Small | Public sector: Total | Private sector: Large | Private sector: Small | Private sector: Total | Overall 2011 | Overall 2010 |
|---|---|---|---|---|---|---|---|---|
| Personal information is kept secure | 75% | 66% | 71% | 75% | 73% | 74% | 72% | 54% |
| Personal information is processed for limited purposes | 42% | 31% | 37% | 35% | 24% | 29% | 33% | 28% |
| Personal information is not kept for longer than necessary | 46% | 28% | 38% | 29% | 21% | 25% | 32% | 24% |
So, if we turn the figures around, this means that 28% of organisations are still unaware that they must keep their customers' personal information secure, 67% of organisations believe it’s OK to use personal customer information for purposes other than what it was requested for (have they talked to their legal departments?), and 68% of organisations believe that they can keep customer information for an indefinite period of time (yep, that retention policy again)... So, if data privacy is not on your radar, have a look at my blog post on privacy laws...
Admittedly, I was expecting to see a large difference in attitudes towards information security and data protection between corporates and SMEs, so I was surprised to see that this was not the case (only about 10% difference between large and small organisations overall)...
Another interesting point is that public sector organisations are generally more aware (by 6%) than private sector businesses (and we know why that is: the ICO traditionally focused on the public sector and has only recently turned its attention to the private sector, with all the fines and public exposure that ensue...).
So all in all, the figures are going the right way if we compare 2011 to 2010, but we still have a long way to go and still a lot more to come, as summarised in my post on EU regulations.
Until next time...