Data security and privacy: Out of the server room, into the fire
Data security and privacy is no longer just an ‘IT’ issue, the conversation between business and consumers regarding virtual data is now more pressing than ever before.
Where do you keep your most private and personal information? As few as ten years ago, your most vital private details, your photos and documents would more likely than not have been locked in a safe or stowed securely in a cabinet drawer. Today, the digital revolution means that our most important information from our passwords to our images, even our music, book and video collection, even the tracks of our online and offline activities, are moving to virtual storage. But what does this mean for the Australian consumer?
Well, firstly we should be more aware than ever about the security of our virtual information. When we recently conducted national research in data storage and consumers, we found that 40 per cent of Australians have rising concerns regarding their data security and privacy. And who could blame them? In the past year we’ve had major security breaches and data losses reported from companies like Sony, LinkedIn, even the government contractor tasked with delivering e-security alert services.
Whilst some may raise their hands in the air and cry ‘there is no such thing as security when it comes to online information’, legislation is already playing catch up to today’s digital world. The Privacy Amendment Bill 2012 states that organisations must take reasonable steps to protect the personal information they hold form misuse, interference, loss and unauthorised access. It will give the federal Privacy Commissioner the power to fine companies as much as $1.1m if they fail to do so.
Besides the very real legal threat, any business that holds customer data – and today that is practically every business – needs to also be aware of the increasing role that data security will play attracting and retaining customer. According to our research, 79 per cent of Australians either currently consider or believe they should consider, how and where their data is stored. Only 26 per cent currently trust businesses to hold this data responsibly. When it comes to virtual data, organisations are sitting on a trust time bomb.
IT has traditionally been a specialist area, often managed in a silo. But it is one that is breaking out of the server room. Business are grappling with ‘digital’ in general, technology is increasingly becoming a CEO issue – not just a CIO one. A report by Deloitte Access Economics from August this year underscored this when it suggested that firms in many Australian industries risked losing half their revenue within three years if they didn’t embrace the digital arena.
Data security is an issue that is now appearing on C-level agendas. As Australian Federal Police assistant commissioner Neil Gaughan was quoted in Computerworld: “Every organisation, large or small, needs to ensure they have a defence-in-depth strategy for protecting the vital assets on which their business depends.”
Most people, even educated business leaders, may not associate their virtual information with a physical location – it might as well be up in the sky as sitting in a server. For managers seeking to develop an all-embracing digital security platform, the first step is to get the bricks and mortar of your systems right – and build the network safeguards around a strong foundation.
But solving the dilemma of customer data is not solely about having the safest servers, the best firewalls and the latest security technologies. It is about understanding who your customers are and how they feel about their data. In the UK, think tank Demos recently looked at this issue in their white paper ‘The Digital Dialogue’. They found what constitutes ‘personal data’ varies widely. They also identified five categories of people when it comes to data sharing: non-sharers, sceptics, pragmatists, value hunters and enthusiastic sharers.
According to the Demos report: “Data sovereignty is the next big consumer issue”. For companies looking to defuse the trust timebomb, they must have collection and handling strategies that cater to this range of customers categories, and data storage strategies that give people confidence that their data is secure. There is no one size fits all solution, but the time is now to ensure all your IT and related systems are being operated with security in mind.
As published on abc.net.au