According to some recent and rather worrying research, the question as to who is responsible for data protection is that it’s a HR problem, some executives say.
According to a spread of UK executives who were asked about where the responsibilities are in terms of compromised credentials, like stolen or misused passwords, it’s a HR training issue.
It’s understood that one-fifth of respondents placed the responsibility in the hands of HR departments, with close to a thousand executives questioned. Some respondents also considered compromised credentials and weak passwords as very little risk to the business as well.
Who is responsible for data protection when it comes to compromised credentials? It’s a HR thing…
Is this kind of attitude simply passing the buck? The question as to who is responsible for data protection in an organisation is incredibly important, and it goes above and beyond one person or one department.
With so many UK businesses still failing to respect cybersecurity, it’s no wonder there are constantly breaches hitting the news.
Simply put, everyone within an organisation is responsible for data protection, and although HR training may be a key factor in learning and enforcement, company executives need to take personal responsibility for it as well.
The Equifax data breach was a classic example of leaving the responsibly being with just one – or a small number of – person(s). The addition of a security patch was somehow forgotten, and this led to a huge breach last year affecting 700,000 UK residents.
Why do executives need to take personal responsibility for data protection?
If an organisation is responsible for breaching important data protection laws, here’s what they may face:
- Legal action for compensation for victims. Imagine if there are just a thousand victims claiming and they each recover £5,000.00 in damages. That’s a damages pay-out alone – not including costs – equating to £5,000,000.00 (five million pounds);
- The Information Commissioner’s Office could impose fines of up to £17m r 4% of the organisations global annual turnover in accordance with the new GDPR that came into force in May 2018;
- Consumers are now looking to take their custom to organisations who offer good data protection, and who have not been involved in big data breaches. Profitability and data protection practices are now directly linked.
And that’s just three reasons. So, company executives, having read through those reasons, shall we ask again: who is responsible for data protection? Is it a matter to pass off on your HR department, or is the potential of your company paying out £22,000,000.00 (twenty-two million) in damages and fines, using the above example (which doesn’t include legal fees or the impact of profitability), something to think about?
Compromised credentials can be a huge risk to organisations
Compromised credentials can actually be a huge risk to organisations, whether it stems from stolen information or weak passwords resulting in systems and servers being broken into. Even the smallest of data breaches can lead to huge problems for victims and the organisations.
Given so much of businesses these days are linked together and online / in the cloud, even one administrator’s compromised credentials could allow a hacker to gain access to personal and sensitive – and even financial – information within the organisation.
Hackers are not fools. They’re usually highly intelligent, good at what they do and are incredibly innovative.
So, who is responsible for data protection? In reality, we all are. It’s everyone’s problem and everyone’s responsibility.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on August 03, 2018
Posted in the following categories: Cybersecurity GDPR ICO Security and tagged with cybersecurity | data breach | data controllers | database security | online security