ICS Data Protection Blog Part of the ICS Blogs Network

One-fifth of respondents have been the victim of a data breach in the past twelve months according to a survey published by the Irish Computer Society (ICS) in advance of its annual Data Protection conference on Thursday, February 24.

The ICS ‘Data Protection Attitudes and Practices Survey 2011’ examined awareness of data protection and instances of data breaches among Irish companies. The survey involved 286 IT administration and management staff and revealed a lack of knowledge in Irish businesses of data protection requirements and data security issues.

The survey revealed a lack of knowledge among respondents of requirements under data protection law in Ireland. Among the findings was that almost half of respondents were not aware of new rules regarding the mandatory reporting of data breaches to the Data Protection Commissioner.

Less than half of those surveyed felt that data protection rights and responsibilities are given due consideration by senior management with one respondent commenting that “senior management ignore data security issues.”

Only a third of respondents felt that all staff members are aware of who is responsible for data protection in their organisation. The survey also revealed even where a procedure is in place to deal with a data breach only 15.2 per cent of respondents were confident that this policy is known to all staff.

Over half of those surveyed felt that they had not received sufficient data protection training while one in five respondents were not confident that they understand their responsibilities under the law for data protection.

Only 36 per cent of respondents felt that their organisation has a formal procedure in place following a data breach. The issue of cost of compliance with data protection legislation was also raised by one respondent who commented that “we are paranoid about security, but know most think it is cheaper not to be.”

While one in seven respondents had suffered a personal data breach in the past 12 months over two-thirds of respondents were not confident that they would be informed of a data breach involving their personal information. Several respondents commented on the level of secrecy surrounding data breaches and that “those who come out and report get in trouble, so there’s no motivation to report” while another remarked that “most organisations cover up data breaches.” “Senior management place no great weight on data security, people who report data breaches are seen as a nuisance or worse”, observed another respondent.

To increase awareness of data protection requirements and what is necessary to ensure companies are compliant with data protection legislation the ICS is holding its third annual Data Protection Conference. The conference will look at new and upcoming legislation and emerging issues in data protection and will take place on Thursday, February 24, 2011 at the Radisson Blu Hotel and will be officially opened by Billy Hawkes, Data Protection Commissioner.