Remember the big fuss that spread all over the world when HM Revenue and Customs, the UK government department that deals with income tax and the like, managed to lose discs containing the financial details of 25 million people? amazingly, the official Independent Police Complaints Commission enquiry into the shameful affair has concluded that no one can be blamed for the HMRC data loss, but rather it happened as a result of the culture in the department. Citing a lack of adequate training and support, the reports says it was just a bit of a muddle really.

Well that's OK then. Not!

Greg Day, security analyst from McAfee comments:

“With a growing volume of data loss incidents occurring, businesses have to recognise the value of their data and the controls required around it. Effective data protection requires clear data classification so appropriate practices can be applied. The Government already had both of these in place, putting it in a more advanced position than most in managing data usage but human mistakes are a challenge every business or organisation face. Recent research from McAfee Data Protection (formerly SafeBoot) show that 98 per cent of UK office workers don’t see the protection of corporate electronic data as their responsibility, this is an attitude that needs to be changed. Whilst technology can always provide a back up, employees need to be educated about why they should be careful with data and usage policies are needed to enforce good data protection practices.”

According to McAfee Data Protection research:

  • 98 per cent of UK office workers don’t see the protection of corporate electronic data as their responsibility
  • 25 per cent of employees think it is their boss’s responsibility to protect data
  • Since the HMRC data loss incident, 80 per cent of IT managers have tightened their security policies and 40 per cent have seen increases in their security budgets

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.