Private sector must do more to protect customer data, analyst says


Private sector must do more to protect customer data, analyst says

Ian Grant

The private sector needs to take data privacy more seriously if it is to stop the Information Commissioner's Office getting the power to audit their information security systems without warning, says James Alexander, technology security partner at Deloitte, a management consulting firm.

"Companies need to take the bull by the horns," Alexander told Computer Weekly. His comments followed Deloitte's finding that only 54% of technology, media and telecommunications (TMT) firms will tell customers if their data privacy is breached.

Alexander said the ICO won "stop and search" powers to spot-check public sector firms' data protection procedures following the loss of 25 million personal records by HM Revenue & Customs (HMRC) last year. "If private sector firms do not want similar scrutiny, they need to become more proactive," he said.

Alexander said half of TMT firms are spending less than 3% of their IT budgets on data security, and only 5% are budgeting to increase their spend by 15% or more. "They are only treading water," he said, noting that only 7% of respondents believed they are prepared for future security threats.

However, three-quarters of firms said "human error" by insiders was the greatest danger, ahead of operations and technology.

"The HMRC incident showed that information security can no longer be considered a back-office function," Alexander said. Companies now underestimate the impact of data breaches, but the ICO's new powers, if applied to the private sector, could force a radical revision of the risks they face, he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy