It has never been easier to communicate with a wide range of organisations or individuals, to conduct international business or to search and find information. It has also never been easier to disseminate and misuse data, intentionally or not.
Many of the failures relate to the breakdown or simple lack of adequate procedures for handling personally identifiable and commercially sensitive data. This is where the focus now needs to shift and more effort must be put into ensuring the processes that surround the movement and management of personal data are fit for purpose.
We would be appalled if a bank processed our money transfers by sending cash in a briefcase on a train. With data, the same expectations should apply.
We believe that equipment thefts and losses were the most common types of self-reported data loss, but data disclosed in error is the second largest factor in the leakage of information.
In these cases, it is the processes surrounding the use and disclosure of information that are likely to have failed, not the mechanics of data security. So measures such as encryption only address part of the problem.
It is unrealistic to prevent data sharing, but it is important that the right questions are being asked and that information is held in a manner appropriate to the value that individuals place on their personal information.
A lot of people only value an object they can see, smell and touch. But we live in a digital world now and there is just no excuse for sloppy, physical data transfers.
The fact that removable media storage devices are still used for information sharing is astonishing. I believe that no self-reported losses have happened via electronic transfer over the last three years.
The ICO has asked for submissions on the first ever UK code of practice on data sharing, which must be received by 5 January. The code of practice aims to set up a model for public, private and third-sector organisations to follow whenever sharing data.
Recommendations go beyond the physical protection of data to guidance on protecting the integrity and context of the information.
This should really help organisations identify the type and nature of the processes they require to address the 'data disclosed in error' and 'procedural failure' categories of loss.
Steps should be taken to ensure the accuracy of data before it is shared and that different IT systems do not corrupt the information. For instance, is a date field stored in the format dd/mm/yyyy by one company, and as mm/dd/yyyy by another?
Precisely what that date represents needs to be clear as well.
Data must also continue to be protected by the recipient and any other organisations or people that will have access to it.
In an age of WikiLeaks, huge fines for data breaches and the consequent reputational damage, data management needs to go beyond encryption and password protection, in the same way organisations have procedures to ensure their funds are not lost, stolen or misused.
Tim Holyoake is a lead technologist for strategic business solutions at Software AG