Ninety per cent of Britons do not believe the personal details
that companies hold on them are safe, and nearly half do not think
banks and retailers do enough to protect it.
This emerged from a survey for international insurance firm
RSA as background for
National Identity Fraud
Prevention Week, which kicks off today.
The survey found that 56% of people are more concerned now about
identity fraud and the security of their personal information than
they were six months ago.
More worrying is the finding that more than 850,000 people in
the UK have lost work documents or devices such as laptops or
Blackberries in a public place. In the past year some
30 million names have been lost, the worst being the
loss of CDs containing the details of 25 million child benefit
account holders by HM Revenue & Customs.
Nine of 10 people disapprove of staff taking customers' personal
information outside the office. They believe insiders are the
greatest threat to the security of their personal data, the survey
found. They believed staff either stole the information to commit
fraud or did not dispose of it securely.
Desmond Cross, director of retail at RSA, said even small
breaches could
hurt a company's reputation. "With an increase in flexible,
remote and mobile working and extended working hours, the line
traditionally drawn between the office, home and public spaces is
becoming increasingly blurred," he said. This meant the amount of
personal information people can carry around has increased.
Cross said companies needed to educate staff to assess risks and
stress the importance of keeping customer information confidential.
"Don't allow compliance to take the place of judgement," he said.
"The challenge is not for companies to issue protocols, but to get
staff to think and act intelligently to reduce the risks."
He said companies should:
• Check staff references before they hire them
• Give staff secure shredding facilities to destroy confidential
documents
• Educate staff about the risks of viewing sensitive data in a
public space
• Enforce a clear-desk policy
• Have clear procedures for when sensitive customer data is
lost
• Take secure back-ups