UK companies are doing relatively well in recognising the need to protect personal information, but many still...
need to get the basics right, says Ernst & Young.
High-profile losses of personal data by UK government departments have helped to raise awareness of the issue in both public and private sectors, said Seamus Reilly, a director in the IT risk and assurance team at Ernst & Young.
A survey by Ernst and Young found that 81% of UK organisations claim to have implemented specific controls to protect personal information, compared with a global average of 59%.
The proportion of UK organisations that claimed to have an established a privacy-related response and management process was 12% above the average.
In most other measures of privacy awareness and compliance UK companies were between 6% and 9% above the global average.
However, the number of UK companies that have produced an inventory of information assets covered by privacy requirements is 4% below the global average, the survey found.
"This raises a warning flag because despite the overall rosy picture, relatively few organisations are drawing up lists of their information assets," said Reilly.
This is a concern because without this fundamental building block in place, all the other areas where UK companies claim to be ahead may not be as solid as they appear, he said.
"Unless organisations know exactly what their information assets are, where these assets are located and the privacy obligations around them, it could undermine everything else they are doing to protect personal data," said Reilly.
Ernst & Young predicts that protecting personal data will become increasingly difficult for organisations as new technologies and services such as virtualisation and cloud computing become more widely used.
The combination of increased regulations and technologies that facilitate a more open flow of personal information will present a significant challenge for even the most privacy-savvy organisations, the Ernst & Young global information security survey report said.