Supporting the value of information in your enterprise

FreePint BlogData protection - being small won't help

Wednesday, 11th April 2012 Please login top-right to be able to star items

By Tim Buckley Owen


Many companies remain remarkably complacent about data protection, with many believing it to be the domain of the boardroom or IT department rather than every employee's responsibility. Individuals are also relaxed about others knowing their personal data. It seems that a cultural shift is needed in terms of privacy risks.


Complacency about sensitive information is putting European companies’ reputation at risk – but then some users seem equally relaxed about taking risks with their own personal data. Culture, not technology, appears to be the issue – so, as the authorities in both Europe and the United Kingdom continue to tighten up on data protection, there’s work for information managers to do.

A mere one percent of mid-sized European businesses consider information risk to be the responsibility of every employee, according to a survey by PricewaterhouseCoopers (PwC) for the information management firm Iron Mountain. Only 13% believe it’s a boardroom issue, compared with a third who think it’s exclusively the responsibility of the IT department – so it’s little wonder that the companies surveyed scored a pathetic 40.6 on average out of a possible 100 on PwC’s Information Risk Maturity Index.

As Iron Mountain indicates, it’s a cultural shift that is needed – not least because users too are becoming less concerned about privacy risks. The latest Adult Media Use and Attitudes report from the UK telecoms regulator Ofcom shows that a quarter of social networkers are relaxed about letting people they don’t know discover their date of birth or home town, and about one in six will share their details with anybody.

Whether people choose to have a care for their own privacy or not, the UK Information Commissioner’s Office (ICO) continues to tighten up on the rules. It recently issued guidance making clear that even people who are simply processing data on behalf of clients may in fact be data controllers themselves – with all the obligations that implies – depending on how much discretion they have over the data’s management.

In further guidance, the ICO has said that data controllers should be able to search both their live and archived records if someone wants to see what information the organisation holds about them. The argument that such a search would involve “disproportionate effort” is unlikely to impress, it warns.

Meanwhile across the Channel, the European watchdog the Article 29 Working Party has expressed some “disappointment” with the proposed new European data protection law. It disapproves of having a separate Directive for police and criminal justice, picks holes in proposals for a “right to be forgotten” and calls for a “one stop shop” for data subjects to visit.

What’s more, it doesn’t like the idea of small and medium sized enterprises being let off the hook. Data subjects should have the same level of protection regardless of who’s processing their data, it says.

So data protection isn’t going to go away. It will continue to affect businesses at every level – and, as so often seems to be the case, technological fixes are only part of it.


About this item:

Click to visit the FreePint Blog Related FreePint Blog items:

Item Topic Category:

View all Topic Categories »

Tim is an information skills trainer and writer on the information industry with over 40 years' experience in the profession. His career has encompassed information management, writing, editing, training, government policy advice and corporate media & marketing.

Besides writing for FreePint, Tim runs courses for training providers and private clients on enquiry handling, abstracting & summarising, information packaging & presentation and information management. The sixth edition of his classic handbook Successful Enquiry Answering Every Time is published by Facet Publishing. You can find details of Tim's training services at

Tim can also be reached at

More articles by Tim Buckley Owen »

« See all FreePint Blog items

FreePint Topics
Sources: Staying informed and aware
Technology: Improving information work with technology
Value: Maximising value for information work and investment
FreePint Newsletter

Keep up-to-date with the latest FreePint articles and tips by email twice a month.

Email address:

Newsletter 396
10th April 2014

FreePint NewsletterWe highlight details of our latest product reviews, webinars & consulting projects. Find out about upcoming Community of Practice sessions.

Register free »
Newsletter archive »

Have a FreePint Subscription?

"Yes, we subscribe"

Login to MyFreePint to access purchased content, be able to 'star' items, and to share items with your colleagues.

"No, not yet"

Find out more about the benefits of accessing all our premium articles, reports, webinars, communities of practice and consulting, through a FreePint Subscription

Keep up-to-date by signing up for the FreePint Newsletter.

"Don't know"

Contact us and we'll check if someone in your organisation has already purchased a subscription.

FreePint Subscription

A FreePint Subscription gives access to all FreePint content (articles, reports and webinars), Communities of Practice and consulting. Find out more.