Monday 5 May 2008

Lessons from Infosec

Now that the dust has settled on another year at Infosecurity Europe, the chocolate bourbons digested, the old sandwiches binned and the vast conference hall at Olympia generally made spick and span for some other obscure trade show, it might make sense to revisit the key themes. It's the bane of most tech journalists' lives, but love it or hate it, Infosec has become the undisputed king of the IT security world – if you're a vendor and you're not there, people will assume you have ceased trading.



The high-profile keynote speakers this time around included Howard Schmidt, former White House cyber security advisor, Bruce Schneier, the renowned encryption guru, and Information Commissioner Richard Thomas. Thomas is clearly pretty frustrated about the lack of enforcement powers and the measly funding his organisation receives from government. At one point during his presentation, he asked "what other watchdog has to ask permission before it investigates", and he's got a point. Until now the government has paid little more than lip service to the notion of data protection; high-profile breaches seem to be just the tip of the iceberg, pointing to a more serious and deep-rooted cultural malaise which is affecting attitudes to safeguarding citizens' data.



But Gordon Brown has now finally given the go-ahead for the ICO to carry out random spot checks on government departments, with powers to do the same in private enterprises likely to follow. Thomas has noted before that the watchdog is not into witch hunts, and will do its best to help those who are trying to comply; but in equal measure he has made no secret that he will come down hard on those organisations which are flouting data protection laws.



Technology solutions can help in certain respects, controlling the flow of data into, through and out of the organisation, but it ultimately comes down to policy, people and process. With this in mind, organisations must be clear about their data protection policies, which need to be rigorously enforced and communicated to all staff. Be warned, the ICO is finally looking likely to fulfil its intended role; no more a passive lapdog but a watchdog with teeth.
