Data storage legal knowledge in decline, says survey

More action and legislation from government needed, suggest respondents.

A declining number of C-suite executives are aware of the laws around storing confidential data, according to a survey.

Little more than half of executives (52 per cent) questioned in this year’s Shred-it Security Tracker claimed to be ‘very aware’ of the legal requirements concerning the storage and disposal of confidential data, compared with 67 per cent last year.

The survey of 1,100 Australian businesses also revealed ambiguity from executives around the fines for lost information under privacy laws. Only 46 per cent of C-suite executives were aware there was a financial cost associated with a data breach.

The results highlighted a need for clarity around the legal obligations for businesses, and recommended more action from the government.

A growing number of large businesses said there was a need for improvement in the government’s commitment to information security, with 34 per cent of executives saying so this year compared to 19 per cent in 2015.

Thirty nine per cent of respondents from large organisations said that additional legislation would put pressure on their organisation to change their information security policies.

“Businesses must understand the responsibility they have to ensure their employees fully understand how to handle and dispose of information,” said William White, national sales manager, Shred-it Australia.

“Leaked confidential information can not only hurt a company’s reputation but also put them on the wrong side of the law. There’s an urgent need for all Australian businesses to closely evaluate their organisation’s policies and to implement protocols.”

To err is human

Despite the rise in cyber attacks on businesses, hHuman error' or 'accidental loss' by an employee was identified as the biggest source of a potential data breach by 38 per cent of C-Suite executives, the survey found.

Malicious intent was not seen as a likely cause for concern, as only 16 per cent of C-suite execs believed that deliberate theft or sabotage by a third party to be the most likely source of a data breach.

The majority of large businesses (82 per cent) said they audited their organisation’s information security procedures at least once a year.