Public, industry disagree on data breach disclosure

Two conflicting studies have today revealed a gaping difference of opinion over the need for security data breach notification laws between people and the organisations which hold their data.

The general public shouldn't be informed if a data breach occurs, according to an overwhelming majority (87 per cent) of UK IT managers polled in a global survey released today by content security vendor, Clearswift. Over half (61 per cent) didn't even think the police should be informed, despite growing industry debate over whether the European Union should implement breach notification laws.

Surprisingly, 60 per cent of the 398 IT decision-makers polled in the UK were unaware of the possible introduction of such legislation. But when informed, half (51 per cent) were in favour of such legislation being implemented.

Of those UK organisations polled, 15 per cent had suffered a data loss in the last 12-18 months and, of those, over half (58 per cent) had experienced more than one. And email was the most popular method of data transfer, despite almost a quarter (23 per cent) of organisations losing data in this way.

By contrast Symantec, commissioned Ipsos MORI to ask consumers if they would want to be notified if a public or private sector organisation lost their personal details. The overwhelming majority of respondents (96 per cent) said they would.

Bank account details (85 per cent) were priority for notification if lost, followed by their passport number (52 per cent). The security vendor also cited its earlier research that found the value of information lost in the UK due to data breaches was £47 per record compromised.

But when asked about the possible impact of data breach notification legislation, almost half (49 per cent) of UK IT manager respondents to the Clearswift survey envisaged their total annual IT spend increasing by at least five per cent. Some 26 per cent of IT managers expect that increase to be at least ten per cent.

In comparison, one in five (20 per cent) of the US respondents who have to adhere to data breach notification legislation, said they had seen no change in their IT spend since its introduction.

Stephen Millard, Clearswift vice president of strategy, warned UK IT organisations to get their houses in order regardless of any possible legislative threat. "This Clearswift research shows that when faced with the prospect of having to air some dirty laundry in public, companies are not confident they will emerge in a positive light," he said.

"This demonstrates the necessity of having appropriate measures in place to protect and secure sensitive information and for the IT community to accept responsibility for the information they manage."

Email to a friend

Print this page