Who’s ultimately responsible for protecting personal data – Individuals or Organisations?

It is fair to say we are constantly updating and sharing our personally identifiable information (PII) across our growing personal online and offline networks – friends, family and organisations – everyone who can provide a benefit or service to us.

But who are we sharing our information with, and where is it stored? It’s not always a question we think to ask in every situation. The crucial point about PII is that it’s valuable, and the illegal trading of this information has become a true cash cow for criminals.

So what do we mean by PII? What is this valuable information? It is information that can be used to distinguish or trace an individual’s identity, e.g. their name, national insurance number, date and place of birth, mother’s maiden name, driving licence, passport number, address, gender, and medical, educational, financial, legal and employment records.

And we’re all sharing it – it’s just part of daily life – right?

So, from an organisational perspective, when managing employee or customer PII there has to be a clear set of parameters. These include having the right protection, compliance, management and storage of data.

95% of organisations who have experienced a data breach have invested time in preparing their data breach response plans and in sourcing, in advance, partners who have the capability to support them with forensics, legal, insurance, crisis PR, and data breach notification.

But who’s ultimately responsible for protecting personal data?

Experian commissioned ComRes, a member of the British Polling Council, to survey 2008 British adults, and 44% of them said they rarely or never change their passwords.

When looking at the results from our survey of 302 SMEs, the majority of SMEs said it’s the organisation’s responsibility to protect personal data; however, a large percentage of SMEs thought they only carry part of the duty.

A paradox:

– 42% of consumers believe it is the company’s responsibility to protect consumer data, but…
– 45% of organisations believe it is not solely the company’s responsibility.

The harsh reality for SMEs:

– 64% of consumers would be discouraged from using an SME’s service following a data breach.
– 95% of consumers said they would take action against an organisation that had lost their data.

There is no doubt that everyone has a part to play: both organisations and consumers can work together to protect personal information and manage the ever-increasing risk of identity theft. In reality, organisations are rarely seen as the victim when it comes to a data breach, so educating and supporting consumers is a key role for any organisation that puts those trusted relationships at its heart.