Data breaches in the UK – and no reporting to the authorities
July 1, 2008
Outlaw.com reports that nearly two out of three marketers have had clients’ data lost or stolen in the last 2 years. Ninety percent of those instances were not reported. The report provides:
Nearly two out of three people working in marketing have been part of an exercise in which customers’ data has been lost or stolen in the last two years alone, a study has found. In 90% of cases the incident went unreported.
Research conducted on behalf of marketing email firm StrongMail found that 61% of marketing workers and 43% of data protection workers had experienced personal data breaches. The survey was conducted amongst 900 workers in those two fields.
Only 10% of the people surveyed reported that any breach had been notified to privacy authorities. There is no legal requirement for data breaches to be disclosed, though a number of US states have laws demanding such disclosure.
Over two thirds of the marketing workers believed that the incident resulted in the loss of customers for the firm responsible for the breach.
Half of the workers believed that the breaches were connected to the outsourcing of work to third parties such as vendors, business partners or contractors. The research found that 78% of marketers who outsource their email marketing had suffered breaches.
“A cavalier attitude towards outsourcing customer data to third parties combined with complacent processes for keeping that data safe is a recipe for disaster,” said Paul Bates, managing director of StrongMail in the UK. “The fact is confidential customer data doesn’t travel well and providing it to third parties for outbound marketing purposes can, as the research shows, be a risky proposition.”
The survey also found that a quarter of marketers are not even sure whether or not their firm’s practices are within the laws and regulations on data protection and privacy. It did find, though, that 87% of data protection workers believed their firm operated within those laws.
On the more general question of whether their companies’ marketing programmes violate customers’ privacy rights, a third of data protection workers and more than half of marketers said they were unsure whether or not the programmes violated privacy rights.
Report author Larry Ponemon said, though, that many companies seem prepared to tackle the problem by calling a halt to the outsourcing of email campaigns.
“Although 60% of UK marketers outsource their email marketing today, 65% of marketers would consider in-sourcing their email marketing campaigns to ensure greater protection over personal data,” he said. “The message is, albeit slowly, getting home.”
The issue of personal information security breaches has become increasingly sensitive in the aftermath of HM Revenue and Customs’ loss of 25 million people’s personal data last year.
By the end of April this year the Information Commissioner’s Office said that it had been notified of 94 privacy breaches since the HMRC debacle the previous November, 62 of them in the public sector.
Last week four reports on the HMRC breach were published which criticised the data security policies of HMRC and outlined ways in which public sector data security could be improved.
It makes you wonder what is going on in Australia.