You are the weakest link!

Digital leaders from across the North West came together in Manchester to discuss the issue of privacy and security online and where individual responsibility ends and corporate responsibility takes over. Nathan Rodgers, Local Government Director at General Dynamics Information Technology (GDIT) and Nick McAlennan, Media Law and Reputation Management lawyer at JMW Solicitors LLP represented each side respectively in a debate hosted by Kevin Harrington who chaired the meeting on behalf of Digital Leaders North West.

Nick initiated the discussions with a view of privacy driven from the perspective of the individual, or the “data subject”. From a media law perspective, recent cases associated with phone hacking, misuse of personal information, super injunctions and data leaks have brought the subject into the public arena and mainstream media. With complex data protection laws, the legal and commercial implications an organisation can face when getting this wrong are far from clear. Recent cases do indicate an increasing risk (and therefore cost) associated with not having adequate policies and procedures in place. The prevalence of class action cases (or group litigation) in the U.S. is crossing the Atlantic with a recent notable high profile case now progressing to the Supreme Court in the U.K. This signifies a changing landscape and as a result, legal interpretation of personal data is changing. With a possible fine of 4% of global revenue associated with data breaches or negligent data security protocols, now would certainly be a good time to review your data security.

As the risk associated with poor, or even negligent, data security policies increases, there could be an assumption that someone needs to take responsibility for the issue. Nathan Rodgers, GDIT’s Local Government digital transformation lead suggested that who owns this responsibility is far from clear cut. Traditionally, I.T. (either departmentally or individually) owned this risk. With the proliferation of data sharing, cloud based services and digital platforms, this preconception has all but disappeared. Inevitably, there is now a level of responsibility at an individual level. Technology can restrict, control and limit access to all but a handful of hackers worldwide. So after an organisation has built the most robust, secure and bullet-proof systems, what could possibly go wrong? The answer is… you. You, the individual, as either employee, consumer, data subject or contractor are the most likely to be the weakest link in any organisation.

Having established that you (or any person in fact) are the most likely route through which unauthorised data or information will leak, what can an organisation do to prevent this from happening?

The discussion was broad ranging and suggestions included:

  • Employers seeking appropriate insurance cover.
  • Better formalised education for employees about their information security responsibilities.
  • Reviewing employment contracts to ensure responsibilities relating to data protection are included.
  • Tightening the organisational approach to penetration testing.
  • Reviewing what type of data you do actually need to keep as an organisation.
  • Improved standards on data protection – self-assessment for organisations is a good place to start.
  • Giving consumers more choice about the data they make available and to whom they make it available.

Please note that we would always suggest you seek expert advice on the issues raised above.

This discussion continues on the Digital Leaders North West Knowledge Hub Group but feel free to contact Nick McAleenan or Nathan Rodgers directly and they would be happy to talk about your individual requirements.

For those who want to research the subject in greater detail, we would suggest the Information Commissioner’s Office website and please feel free to register to receive GDIT’s free Digital Transformation White Paper here.

Our thanks to James Brayshaw, Managing Director, Winshaw for this blog.

Security level: Public

More Blog Entries

The digital skills challenge – do you have the answer?

It was great to see one of our largest turnouts ever for the first Digital Leaders North West...

Tech Nation and the View from the North

Richard Gahagan, CEO, We Are Adam, reflects on the recent ‘ Tech Nation 2016 ’ report and what...


John Rudkin 4 Years Ago
A very interesting salon, and a key area that proved everyone has an interest in being aware of the issues raised. I read today (09/03/2016) about more security breaches emphasising the increased importance of focus, but also that digital data is not the only area of attention. Exaro claims another 105 breaches have occurred in the NHS this year alone... and reading about those listed, the predominance of human error is indicative of a need for action on education. Digital data breaches are not emphasised, and practical human errors may actually be prevented by better technological solutions.
Tim Pinder 4 Years ago in reply to John Rudkin .
I read that Exaro report very differently to you, John. I don't want to appear to minimise the seriousness of data breaches but the bald number doesn't tell us very much about anything: how many records were compromised? What information did they contain? Every organisation, public or private sector, should think carefully about how they store, use and share the information they hold. There are literally millions of dataflows within the English NHS (I notice Exaro didn't specify whether they were talking about the UK as a whole) and I've been responsible for a couple of breaches where I have inadvertently forwarded NHS numbers to recipients that weren't supposed to see them. But if the reported number of breaches within the NHS in a whole financial year is only 105 then that's either a testament to how good the NHS is at maintaining security or an indictment of their reporting process.