Governments fail to keep track of user data


19 Sep 2007

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Just three out of 10 public sector organisations have an accurate account of the user data they store and what location or jurisdiction this data is held at, according to the 5th annual Global State of Information Security Survey 2007, a worldwide study by CIO Magazine, CSO Magazine and PricewaterhouseCoopers.

The survey, which is the largest of its kind, was launched yesterday at the 2007 Info Ireland conference and contains the results of questioning 7,200 IT, security and business executives in 119 countries including Ireland.

The report further found that of the public sector organisations worldwide who were questioned over 50pc said that there was a disconnect between their physical and information security organisations with no policies to integrate them.

These government specific figures reveal an underlying trend observed by the report across all sectors: although most organisations have IT security policies in place, they don’t necessarily fit with the overall company policy.

Many employees aren’t trained on these policies, or the effectiveness of these security strategies is not monitored.

Specific to Ireland, the Information Security Survey 2007 found that under a third of organisations feel that their security policies are actually aligned with their business objectives, with only 24pc of spending in this area seen to be in line with the company’s goals.

While it seems that spending on security infrastructure is strong across all sectors both in Ireland and globally, this investment can be rendered ineffective if security policies and procedures are not followed at all times, notes the report.

Speaking at yesterday’s conference, Data Protection Commissioner Billy Hawkes said that data security is still a critical issue for organisations dealing with personal information.

“Failure to provide adequate security is not only against the law, it’s also a breach of trust with customers. Data security will therefore be an important focus of my office’s audit programme over the coming years,” he said.

By Marie Boran