I wish that I was surprised by Logica’s survey findings, that 57% of firms had ‘no understanding of the impact of a security breach on their organisation.’
And the sad fact is that, in a number of these ‘unaware’ organisations, the first that the board will know about their compliance shortfall will be when they’re hit with a ‘signficant’ fine under the recent amendment to the Data Protection Act.
And that’s a pity, because DPA compliance really isn’t that hard: there are just 8 principles and, so long as the organisation tackles those 8 principles intelligently and constructively, it’s unlikely to find itself facing any breach proceedings. We’ve done what we can to make it easy for people to understand the size of the problem (our Data Breaches Report 2008), to get a straightforward understanding of the compliance requirements (our DPA Compliance pocket guide, written by DPA experts), to assess their current state of compliance and what steps to take (our DPA Compliance Assessment Tool) and we’ve even developed a DPA Compliance Toolkit that contains the key documentation for compliance.
But we can’t do that essential first step: care enough about the personal information of your staff, your customers and your suppliers to take adequate steps to meet your compliance obligations. Don’t wait until you’re staring down the barrel of an ICO enforcement notice before you take what will then be expensive and possibly disruptive steps to get a compliance regime into place as quickly as possible.