Research reveals increasing pressure on organisations to improve data protection practice and knowledge as data protection and privacy regulation evolves
New research for Proofpoint highlights the challenges managers face in attempting to reduce exposure to the risk of serious data privacy breaches. The online survey of UK office workers, conducted independently by YouGov as the EU revealed its new framework for data protection, has highlighted patterns of behaviour that have developed in the workplace and are placing business at high risk of fines and reputational damage.
The online research reveals frequent risk of inadvertent data loss; 46% of respondents have received an email that was not intended for them, 35% know they have mis-sent work emails. The way in which recipients handle messages they receive in error varies, but with 66% of office workers who have received a work email that was not intended for them saying they would read the email as part of their response, the risk of further disclosure is high especially as only 55% would directly notify the sender.
17% of respondents say that they have sent an email containing sensitive information without additional security measures such as password protection or encryption in place. These people are aware of the sensitive nature of the data but do not use appropriate tools to protect it. This may be less of a surprise considering only 41% of respondents say they have had training in both data and privacy protection.
Managers working to educate their teams and impose control on sensitive data are fighting against a changing communication landscape; 28% of workers have sent work data via a personal email account either because of restrictions on sending large files or the unavailability of work email systems. These actions are potentially risky as only the most advanced security and message archiving systems can monitor, control and record these transfers. Coupled with the fact that 11% share information by file transfer services, 10% over IM and 7% on collaboration tools, the challenge for managers of developing comprehensive data privacy policies and deploying the right technology to enforce them becomes clear.
Businesses have a major challenge ahead in both making employees aware of privacy and data protection as the rules are tightened; 76% of respondents are not aware that privacy and data protection laws are about to change in the UK as a result of EU regulations changing, so the education and policy enforcement responsibilities for businesses are set to rise.
“Organisations today face a complex and evolving set of data protection and privacy considerations,” comments Paul Hennin, Director, EMEA Marketing. “Managers need to ensure that compliant collaboration is possible. Workers should be enabled to work flexibly, for example by supporting consumer devices like iPads on corporate networks and opening multiple channels of communication including email, collaboration tools and social media. At the same time they need to actively and automatically protect workers from human error, prevent malicious acts and ensure compliance with the evolving regulatory landscape.”