Data protection awareness up as firms seek to avoid fines

18 Feb 2013

Awareness of data protection requirements is increasing in Ireland, with 80pc of a survey group saying they now have a named person responsible for this area in their organisations.

The Irish Computer Society has released findings from a survey of more than 250 IT professionals.

It found that avoiding penalties and protecting organisational reputation were the top 2 reasons for complying with the Data Protection Acts and for increased use of policies in this area.

The survey also showed a reduction in levels of confidence that employees are aware of their own organisation’s data protection policies. In a statement, the ICS said this pointed to the need for ongoing training and promotion of the data protection position within organisations.

According to the findings, negligent staff members pose the greatest risk to the safety of data; 43pc of organisations said they had experienced a data breach in the past 12 months and of that number, most were caused by their own employees.

Fintan Swanton, president of the Association of Data Protection Officers, said: “Organisations might appreciate the importance of data security, but they must also instil a culture of compliant data management throughout the company, not just amongst the designated data protection personnel.”

MJ Flood Technology survey results

Last month in a separate survey, the IT provider MJ Flood Technology found that 40pc of Irish organisations have no documented IT disaster recovery plan, and 44pc have no IT budget allocated to backup or disaster recovery technologies.

The MJ Flood poll also found that 20pc had a “serious” case of data loss in the past 12 months. 

The cost of complying with data protection rules remains an issue. Federico Etro, professor of economics at Ca’ Foscari University in Venice, has calculated that for the 40,000 large companies based in the EU, the cost of appointing a dedicated data protection official would be €75,000 per organisation.

The European Union is in the process of harmonising its existing data protection regulations across the Member States, aimed at ensuring greater transparency on information that is collected about individuals and strengthening people’s right to have that data protected.

At a recent event hosted by law firm Matheson in Dublin, it emerged that EU policy-makers plan to seek agreement on the proposed new data protection laws later this year, and it’s expected businesses will have to comply with those new regulations by 2015.

Gordon Smith was a contributor to Silicon Republic