Are data breaches inevitable in a digital age?

Christian Toon, Head of Information Risk, Global Security Services, Iron Mountain

With 93 per cent of large and 76 per cent of small organizations admitting to falling foul of a security breach in the past two years, you would be forgiven for thinking that some form of data loss within business is inevitable. Indeed, Iron Mountain research found that more than half (53.3 per cent) of European businesses expect to lose data. As a result, they are unprepared when it comes to protecting company information.

This complacency is cause for concern. Many businesses are choosing to insure their business against the financial impact of data loss, rather than doing something to protect against the loss in the first place. Surely it would be more cost effective and better for the long-term prosperity of the business to invest money in closing the gaps in its data-protection programme and keep information from getting into the wrong hands?

Losing control of your data – the business impact
The European Commission’s draft revision to data protection legislation includes fines of up to one million Euros or two per cent of annual revenue for a data breach. The threat of the potentially huge financial impact of data loss on a business seems to do little to promote good governance when it comes to protecting information and has so far done little to encourage businesses to take greater information responsibility.

However, it’s not just the financial hit that businesses will need to take. A data breach could, potentially, be far more damaging to your business’ brand reputation and customer loyalty. With the use of social media in both a business and personal context on the rise, bad news now travels faster and further, meaning that even the smallest data breach can have serious consequences.

Managing data protection expectations
Before a business can put measures in place to protect its information, it first needs to assume responsibility and accountability for that data, wherever the information is stored. By law, companies are liable for the loss of their own data, even if the loss occurs while the information is stored with a third party. It is therefore up to businesses to scrutinise, mitigate and manage their own information risk supply chain, as part of their Corporate Information Responsibility (CIR) programme.

The proposed new EU data protection legislation will mean a big change for businesses. According to the draft legislation, businesses will have only 24 hours to notify regulators of a breach. This means that processes for the identification and reporting of an incident will need to be slick and efficient. Monitoring data integrity is also a key area for businesses to address. This has become all the more complex thanks to the prevalence of social media and mobile devices. Knowing exactly what information you hold in both physical and digital formats could prove a real headache.

The proposed new EU data protection legislation will force businesses to take action and not be complacent about data loss. It will bring significant positive changes to the way organisations monitor and handle information risk issues, but it won’t happen overnight. Examples of good practice are there to be followed. In Germany, for example, organisations are already obliged to make a member of staff responsible for data protection and ensuring compliance with the law. The challenge will be to get all EU countries to pull in the same direction.

Data breaches must not be seen as inevitable. The proposed changes to EU legislation present a chance for companies to assess whether they have the right policies in place to protect against data loss; a chance to shore up defences, reduce exposure to information risk and showcase the business as a responsible custodian of sensitive information, a business that will take the necessary steps to protect the personal data that it holds on behalf of European citizens. When it comes to exposure to information leaks, businesses would do well to stop mopping the floor and think about turning off the tap instead.