Don’t forget the simple things when it comes to data security

Blog post   •   Jan 28, 2016 11:11 GMT

Today is Data Protection Day 2016, the day of the year when the EU encourages its citizens to find out more about their rights in respect of personal data and its collection and storage by third parties.

The inaugural Data Protection Day took place on January 28, 2006 and it has been held on the same day of the year ever since. January 28 is significant because it is the anniversary of the ‘opening for signature’ of the Council of Europe's Convention 108 for the Protection of Individuals with regard to the Automatic Processing of Personal Data.

Introduced in 1981, Convention 108 establishes certain principles for data processing by public and private sector organisations. It stipulates that personal data should be collected and stored for specific purposes; should not be kept for longer than necessary; and that the data collected should be relevant, proportionate and accurate. It outlaws the processing of 'sensitive' data relating to a person's race, politics, health, religion, sex life or criminal record, except where there are proper legal safeguards, and enshrines the right of individuals to know that their details are being kept and to correct them if necessary.

These principles underpin EU and national law, including the UK’s Data Protection Act, which, amongst other things, requires organisations to put in place appropriate security measures to prevent personal data they hold from being compromised in any way.

Complexity and cost

As citizens, we all benefit from these safeguards. However, for organisations that hold customer data the need to comply with data security rules adds complexity and cost.

A series of high profile data breaches throughout 2015 and the introduction of more stringent regulations, like the EU’s Network and Information Security Directive, have pushed data security to the top of the boardroom agenda. With the growing threat of cyber-attacks, an increasingly mobile workforce and greater interconnectedness of devices (the Internet of Things), securing data is more important – and arguably more difficult – than ever.

Cyber-attacks inevitably grab the headlines. Their scale; the risk to customers (especially when credit card details are involved); the damage they can do to a company's reputation and IP; the ever-changing nature of the threat; the varied motives of perpetrators (from anomic teenagers acting alone to state-sponsored cyber warfare specialists); and awareness initiatives by the IT security industry are causing organisations to devote ever more resources to cyber security.

In its recent report, Cyber Security Market by Solution – Global Forecast to 2020, Markets and Markets predicts that over the next five years the global cyber security market will grow at a compound annual growth rate of 9.8%, from $106 billion in 2015 to $170 billion in 2020.

The risk of printed documents

Justifiable concern about IT security should not distract organisations from the need to tackle smaller scale, quotidian security risks, such as leaving confidential documents on the train, failing to secure office premises or sending sensitive information to the wrong person.

The latest Data Security Incident Trends Report from the Information Commissioner's Office (ICO) highlights that it is not only electronic data that is at risk. A large proportion of the 559 complaints received by the ICO in July to September 2015 relate to the security of printed documents. These include loss or theft of paperwork – the most common security incident of all; data posted or faxed to the wrong recipient – another Top Three complaint; and the insecure disposal of paperwork.

Unlike hacks and cyber-attacks, which are usually undertaken by actors beyond an organisation’s control, the three types of security breach mentioned above are caused by human error and/or faulty processes. And all are highly preventable. With the broad range of address management solutions available – many of them provided by Neopost – and intelligent folder inserters that can control, track and validate envelope insertions, there can be no excuse for sending letters to the wrong destination.

Yet, according to the ICO, this problem is growing. Incidents of data being posted or faxed to the wrong recipient have been going up since the end of 2014, including an increase of 11% in July-September, compared to the previous quarter. Of these, almost all (95%) were caused by data being posted incorrectly.

For Data Protection Day 2016, don’t just focus on the threat to electronic data. Consider also how you can maintain the security of printed documents you send through the post. Simple address management is a good place to start.