In a week that saw a Boeing 777 go missing with 239 passengers and crew on board, the political stability of the Crimean peninsula threatening to reignite the ‘Cold War’, and a Royal Navy warship, HMS Argyll, accidentally firing a torpedo in a nuclear dockyard, you would be forgiven for asking: does data really matter?
Unfortunately, if you work for Morrisons supermarket the answer would be a resounding ‘Yes’; not because they announced an annual loss of £180 million but because on Thursday they confirmed they had suffered a major data breach. The supermarket confirmed that sensitive payroll information of nearly 100,000 employees had been published on a website and that a CD of the information had also been sent to a national newspaper.
The data is said to have included the names, addresses, bank account numbers and salary details of the employees concerned. Not wishing to critique anyone at this point, but under the Data Protection Act (DPA) none of this information is ‘sensitive information’, although obviously it is confidential. This is a common mistake amongst the uninitiated when dealing with the DPA. However, should this data show or contain details of trade union membership deductions, contributions to political parties or donations to certain charities, then it will fall under the classification of sensitive under the DPA.
Sensitive or confidential, you can be assured Morrisons’ senior management and board members will not be impressed, not only because they have to liaise with the Information Commissioner’s Office (ICO), but because of the reputational damage and harm that this will cause. Having recently launched their online offering, customers will be asking the obvious question: ‘How secure is our data?’ A question that is now a lot harder to answer following this breach.
Morrisons’ management did release a statement stating “that there had been no reports of fraudulent activity”. Given it is very early days, this is no surprise, and I don’t think employees can take any comfort in this, especially if they had read beyond the recent headlines of missing planes, the Ukraine and Crimea and other major headlines: this week it was also reported that card fraud had increased to £450 million in 2013, an increase of 16% from the £388 million reported in 2012.
In an age of such technological advancement, and with consumers becoming more aware of the need to protect passwords and PIN numbers, the fact that card fraud is on the increase could be surprising. Is it organised crime and criminal gangs, the opportunist thief or the negligence of organisations in protecting data that is the contributing factor to the ever-increasing rise in fraud? One thing that is guaranteed is that the negligence of organisations in protecting the data entrusted to them is a major factor.
At a time when data security is known about and understood, especially amongst larger organisations, how is it that we continue to see these breaches that affect organisations, employees and consumers alike?
In my experience, ‘complacency’, together with a lack of review and testing of policies, processes and procedures, results in breaches. The only unknowns are when the breach will take place, what form it will take, and whether it will find its way into the public eye.
I am not sure what surprises me more: the fact that in 2014 a Boeing 777 can go missing without a trace, or that large organisations are still suffering embarrassing data breaches.