It is the manager's job to enforce IT security

Jul 11, 2008 15:19 GMT

Recent security-related events in the UK have proven that data security is not taken as seriously as it should be. Security software vendors and manufacturers wage a never-ending fight against spam, viruses and other types of malicious software, but data still isn't safe. According to officials, the finger should be pointed at managers who do their jobs poorly.

David Smith, Deputy Information Commissioner, said: "It is about scrutiny, policing, data deletion and data minimization, but above all it is about accountability. You need to decide who should be shown the door if things go wrong, and if you cannot answer that, there is a problem that needs to be addressed".

To put it simply, if you make someone do a job but you will not hold that person accountable for the result, then chances are the job will not be done very well. Things change considerably when that person is responsible for the end result. There have been cases when managers failed to take even the most basic security measures.

Francis Aldhouse, consultant for Bird & Bird, a UK legal firm, says he would like to "see criminal penalties on organizations and individuals for failing to comply with regulations". Unless you hurt them where it hurts, managers will not enforce data security, which is really a pity considering how many security products, as well as security threats, are out there.

Here is what Philip Wright, from Waterhouse, stated as cited by vnunet: "The biggest area of risk is data transfer. We should be looking at minimizing it and eventually phasing it out". If I may add, something should be done about data that is transferred from point A to point B on CD, USB devices, laptops and so on, which end up either being stolen or lost. Not to mention that sometimes this data is not even encrypted.

Carrie Hartnell underlines the fact that as more and more services become available online, people must trust the merchant and have confidence that their data will be handled safely. For this to happen, every data loss, hacking attempt or other security-related issue must be disclosed.