Today I read about Talk Talk being fined £400,000 for security failings that led to the data of over 150,000 customers being stolen in a cyber attack. The Information Commissioner’s response has been pretty swift given that this occurred less than 12 months ago.
I think this is the largest fine I have ever seen awarded.
Next year we see revised Data Protection Legislation come into force. That legislation has suggested fines will be in the region of 2-4% of an organisation’s global annual revenue for data breaches. What’s 4% of your global revenue? Could you afford to lose that simply because you don’t take security seriously?
When the Data Protection Act came into force I remember telling our clients that whilst this was important new legislation, they should not worry unduly as the legislation had few teeth. How times have changed! I should hang my head in shame :)
Of course the big change during those years since the DPA came into force in 1998 has been the unrelenting rise of social media and the collection of data through browsing and online shopping on an unprecedented scale. So with new legislation and big fines on their way, this is not an area to be ignored anymore.
From 1998 onwards my business delivered many sessions on Data Protection. In my view, companies in the 1990s took far more time than we see nowadays to educate their managers about legislation and how to stay on the right side of the law. This year Jaluch has delivered just one Data Protection course. One! So that’s 12 managers/supervisors in the know and a million or so others who probably don’t have much clue.
Interestingly, writing this blog reminds me of one of my proudest moments as a trainer. Generally, I pride myself on finding a way to make even the most boring of subjects fun and interesting. On this occasion, a manager left the half-day data protection training I had delivered and on his way out said he wanted to shake my hand as he had never had so much fun nor learnt so much in a training session. My brief moment of glory! Those were the giddy days of the new Data Protection Act :)
But my ego aside, it really is time for you to listen up and ensure that this subject is taken seriously in your organisation. You need someone to take overall responsibility as the challenges span not just HR but IT, Marketing, Sales, Legal and no doubt Operations too.
If you’re still unsure though, why not calculate how much 4% of your global revenue is and ask your Board or Trustees if they can afford to lose that amount of money – simply because no one prioritised Data Protection education and compliance.
Any comments, questions, or ideas please do share.