Nearly half of Irish IT administration staff surveyed by the Irish Computer Society (ICS) believe they were not given adequate data protection training, with some saying they received none at all.
The ICS Data Protection Survey 2012 was conducted with more than 300 IT administration and management staff which revealed an improved knowledge of data protection requirements and data security issues in Irish businesses.
More than two-thirds of respondents said they have a clear understanding of the current legislation around data protection in Ireland. However, the survey also found that over the last 12 months, nearly half of respondents said their companies experienced a data breach.
Fifty-eight per cent of these breaches were caused by a staff member more as a result of internal failure and lack of awareness than from external data theft.
Thirty-four per cent rated their companies as placing too low of a priority on data protection, while 28pc felt that the biggest threat to an organisation’s assets came from negligent employees.
One-third of respondents claimed they didn’t know whether or not their company had a formal data protection policy.
Three per cent believed that more punitive penalties should be put in place for breaches of data protection legislation and more than 50pc felt formal training and awareness programmes should be conducted on a regular basis to educate staff on data protection best practice.
New legislation passed in late January will address the issue. The legislation will require medium and large companies to implement a formalised data protection training programme and to appoint a data protection officer. It will come into effect by 2014.
“Employees might appreciate the importance of data security, but organisations need to instil a culture of compliant data management,” said Hugh Jones, professional services consultant with the ICS.
“Clear policies and procedures are vital, with regular refresher training and timely reviews to ensure that staff are complying with the structures. It is as much a case of protecting the organisation’s commercial reputation, as it is of protecting the individual’s privacy,” he said.
The survey comes prior to the ICS’ fourth annual Data Protection Conference, which looks and the new and upcoming legislation and emerging issues in data protection. It will take place on 9 February at Croke Park, Dublin.