Recurring headlines about data breaches and warnings from those in the IT security industry are making a dent in enterprise data protection awareness, but according to the Information Commissioner's Office (ICO), practices are not yet where they need to be.
The ICO, the U.K.'s data security watchdog and enforcer of the Data Protection Act, published the results of a new study that found 72 percent of surveyed organizations are aware of their obligation to protect personal information. This represents a 26 percent increase from 2010.
Additionally, awareness of the importance of notification has reached its highest levels yet, according to the ICO, with 87 percent of companies indicating they understand that it is a legal requirement in many situations.
However, the ICO stressed that there is still room for improvement when it comes to data protection. For example, researchers found that awareness of individuals' rights has decreased in the past year, declining from 89 percent to 85 percent.
The ICO also stated that the number of data breaches in the private sector has increased by 58 percent in the last year, suggesting that companies may not know how to translate this increased awareness to actual practice.
"I’m encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act’s principles higher than ever. However, the sector does not seem to be putting its knowledge to good use," said information commissioner Christopher Graham in a press release. "Businesses seem to know what they need to do – now they just need to get on with doing it."
The ICO itself has highlighted many of the data protection shortcomings in the private and public sectors. For example, earlier this month the organization criticized the U.K.'s National Health Service when a medical student misplaced an unencrypted memory stick containing information on 87 patients. The data loss incident, the ICO said, was the result of inadequate data security training, which has become a focal point of the ICO's efforts.
The ICO's study didn't only pertain to organizations, however. Eighty-nine percent of surveyed individuals indicated they were concerned about the way organizations – both in the private and public sector – are handling their personal information. Positive perception regarding enterprise data management practices is also low, as only 49 percent of respondents believe their information is handled fairly and properly.
"Companies need to consider the damage that can be done to a brand’s reputation when data is not handled properly," Graham said. "Customers will turn away from brands that let them down."
At a recent event hosted by digital security provider Wave Systems, ICO deputy commissioner David Smith commented on the pervasive mistakes that companies make when it comes to data protection. According to a Computer Weekly report, Smith identified unnecessary data retention as one major concern. Businesses that hold onto information unnecessarily are more likely to lose it, potentially violating privacy rights.
Smith noted that employee awareness and enterprise policies can also be put in place to improve data protection. Such policies should include clearly defined responsibilities for security, access rights for new and departing employees, and awareness of the implications of communication channels, including social media, mobile devices and company websites. These practices could be implemented in virtually any business, which will help create a "culture in which data protection is taken seriously," Smith said, according to Computer Weekly.
Data Security News from SimplySecurity.com by Trend Micro