In 2010, the ICO (Information Commissioner’s Office) was awarded the power to impose fines to the tune of £500,000 on UK companies found guilty of breaching the Data Protection Act. Despite this, businesses are not reviewing their security protocols and procedures, reports a new survey commissioned by Shred-it.
Half the SME’s in the country believe that a loss or theft of data would not impact their business in any way. The research reveals that just 4% of the companies took the necessary action after the ICO’s announcement, which means that a whopping 96% had put their information management responsibilities on the backburner. In a case of ‘ignorance is bliss’, 58% of respondent firms said that they were unaware of the ICO’s enhanced powers.
Companies need to be aware of and fulfil their legal obligations with regard to data security. Their ignorance cannot be justified as, after all, this a formal law that has been put into place. They must take the initiative to protect and dispose off critical data in the right way or else they risk exposing their organizations to potential catastrophes.
The research shows that 50% of the respondent firms had conducted a review of their document destruction processes last year, while 21% said that they hadn’t reviewed their processes. About 16% admitted that they were unaware about whether or not the review had been done.
In the present business landscape, where data security is an important concern, small businesses clearly need to start taking their legal obligations seriously, and take the necessary steps to ensure information protection.