A new survey of almost 1200 organisations has revealed deep
concern about the robustness of the UK's current data protection
legislation. The survey, conducted by IT security and data
protection firm Sophos, discovered that nearly 50% of respondents
feel that the laws are too relaxed and require revision, while a
staggering 87% feel that organisations should be forced to disclose
when sensitive data about the public is exposed.
The survey, which was designed to gauge respondents' views on
current legislation, showed that 36% were concerned about the
additional complexity and 16% were concerned about the associated
costs of complying with the legislation.
In April this year, the ICO was empowered to impose fines of up
to £500,000 on companies found to have breached the data protection
principles, while the Ministry of Justice (MoJ) earlier this month
issued a Call for Evidence to learn whether the European Data
Protection Directive 95/46/EC and the Data Protection Act 1998 are
working and how they are impacting on individuals and
"Data protection legislation is obviously big news in the UK
right now, and we were interested in capturing the general feeling
of businesses," said Ciaran Rafferty, VP of Sophos UK and Ireland.
"The survey's findings revealed that while almost 40% of businesses
were confident they complied with the legislation, more than half
were unsure or concerned about whether they were compliant. Sophos
would urge all businesses with concerns about the current UK
legislation to offer their views to the MoJ. Only with feedback
from UK businesses can the MoJ properly assess whether the
legislation needs further amendments."
Earlier this year,
Sophos teamed up with law firm Field Fisher Waterhouse (FFW) to
help organisations avoid the serious consequences linked to
security breaches and data loss. This partnership was set up both
to educate companies on the current legislation and provide them
with advice on the most efficient and effective way to comply with
its requirements. In the event of a breach, this partnership aims
to direct organisations through the incident response process in
order to improve their position amongst regulators as well as avoid
"It is no surprise that data breaches and data security are of
increasing concern for both public and private sector
organisations," said Stewart Room, data security lawyer and partner
in the Privacy and Information Group at Field Fisher Waterhouse.
"Working with IT security experts at Sophos, we are advising
companies on how to avoid data breach incidents, as well as help
them deal with the aftermath and potential consequences."
Sophos and Field Fisher Waterhouse aim to educate organisations
by holding bi-monthly data protection breakfast briefings, security
forums and publishing a selection of whitepapers.
"Organisations today need trusted experts to help avoid the
risks," explained Ciaran Rafferty. "This survey underlines the need
to educate, advise and then provide practical security solutions.
Together, Sophos and FFW are helping organisations avoid regulatory
investigations, loss of clients and reputational damage."
Another question asked if data protection legislation was
preventing companies from running their organisation effectively, to
which 41% responded that cost and/or complexity were issues.
Sophos has published
ten top tips for protecting sensitive data in organisations
from theft or loss.