There is plenty of evidence to suggest that data security tops the minds of IT Managers and all of those tasked to administer data-bearing assets, from planning and deployment to utilisation and retirement. But there is a major gap and plenty of contradictions between stated policies and the reality on the ground.
ICT Reverse’s recent findings reveal that 9/10 senior managers are concerned about the possibility of a data breach, which could affect their company’s image, expose their organization’s data to outsiders and lead to unexpected and spiralling costs. Despite this, many companies still do very little to prevent breaches from taking place, especially when disposing of end of life assets.
The Information Commissioner’s Office (ICO) has reported a 31.5% increase in the number of data breach incidents reported to it by organisations in 2016/17. In total, the ICO was notified of 2,565 data breaches by the organisations affected, up from 1,950 the previous year.
According to the figures published by the ICO, health bodies were responsible for 41% of all data breaches self-reported to the watchdog last year.
Telecoms companies were also responsible for a greater volume of cases of self-reported data breaches last year. Those businesses are obliged, under e-Privacy regulations, to self-report such cases to the ICO. The watchdog said it received 1,005 notifications of breaches by the telecoms providers last year, compared to 613 in 2015/16.
Companies of all types will be under a new legal duty to notify data protection authorities of certain data breaches they experience under the new EU’s General Data Protection Regulation (GDPR), which comes into force on 25 May 2018.
The statistics also revealed that the number of data protection concerns raised by the public rose to 18,354 in 2016/17, up from 16,388 the previous year. The biggest proportion of concerns raised (42%) related to individuals’ rights to access their personal data held by organisations, while 17% of cases concerned the disclosure of data.
Craig Smith, Managing Director at ICT Reverse, said: “We will continue to advise and educate our customers on the new GDPR legislation. Our account managers are working closely with organisations to help them to understand their obligations on end of life IT asset disposal”.