November 04, 2018

Holistic Data Security – It’s Everyone’s Responsibility

Organisations are constantly fighting the battle to protect their data from unauthorised access. This valiant effort is usually the responsibility of a Data Protection Officer (DPO). Assigned to strengthen the organisation’s data security practices, the DPO’s job is crucial in ensuring that private and confidential information stored by the organisation is protected against internal and external threats. It only takes one breach[1] to leave the organisation vulnerable and exposed to reputational damage, the wrath of its clients and potential fines. With organisations storing copious amounts of confidential data in this data-driven economy, they must ensure that their data and their stakeholders’ data are secure.

Fighting an Uphill Battle

One of the DPO’s core focus areas is to develop a solid defence against data breaches, refining processes to ensure that the organisation’s data is adequately secured. In this endeavour, DPOs are faced with multiple challenges, including an occasional lack of support from employees who may not understand why data security is so important. Employees may feel that they are not equipped with the right abilities or tools to ensure that the organisation adopts good data security policies. Many are also unaware that most data breaches are accidentally caused by careless employees, like the DataPost data breach[2] that happened in late 2017.

Ignorance Is Not Bliss

It is important to educate employees when it comes to the disposal of personal data or confidential documents held by the organisation. Many are unaware of the severity of the consequences if the disposal of personal data is mishandled. Organisations that are found non-compliant with the PDPC and GDPR can face monetary fines, reputational damage and business losses. Throwing confidential documents into the general waste without securely shredding them first is an unsafe practice that every DPO must stop in its tracks. Believing that documents thrown into a recycling bin will be discarded securely is another common misconception which employees need to be educated about. On a similar note, hard drives thrown into e-waste bins can also be easily accessed and the information retrieved.

It’s Everyone’s Responsibility

It is truly vital for every organisation to inculcate a culture of data security, ensuring that all employees play their part to protect the data in their care:

  • The DPO can work with the Human Resources department to coordinate routine department spring-cleaning activities and implement regular security checks to ensure that employees are doing their part for the organisation’s data security.
  • Departments can appoint team leaders to ensure that their department is maintaining a clean desk policy, shredding all documents and ensuring that hard drives are disposed of securely.
  • Organising competitions which reward departments that have adhered to data security practices is one way of encouraging a stronger team culture in the protection of organisational data.
  • DPOs can hold internal workshops to ensure that employees in their organisation understand what it means to practise good data security habits. Getting all employees to understand the importance of their actions in practising good data security habits is the way forward towards helping their organisation stay safe.

Start Protecting Your Business

An organisation that integrates personal data protection into its business processes can help reduce the risk of data breaches. Learn more about how Shred-it can protect your documents and hard drives by contacting us for a quote and a security risk assessment.

[1] The Straits Times. 2018. Share lessons learnt on data breaches with public. [ONLINE] Available at: https://www.straitstimes.com/forum/letters-in-print/share-lessons-learnt-on-data-breaches-with-public [Accessed 17 September 2018].

[2] The Straits Times. 2017. Watchdog penalises firm for data breach. [ONLINE] Available at: https://www.straitstimes.com/singapore/watchdog-penalises-firm-for-data-breach/ [Accessed 19 September 2018].