Around this time of year you can’t move for predictions for 2013, whether it’s which Premiership manager will be sacked first, the sex of the future monarch or trends in information related fraud.
Although not wanting to jump on the band wagon, (but at the same time grabbing the reins, cracking the whip and shouting ‘Yeehaa’) I can quite confidently predict that one area in which almost every organisation will continue to cut budget is training.
However where data governance is concerned this could well be a cut with serious implications. Good information security involves a layered approach of technical controls, carefully engineered processes and easily accessible documentation, all underpinned by regular training. Training crystallises the importance of effective data governance both for the organisation and the individual. By understanding the reasons why good practices in data security and data protection are essential, staff are motivated to follow processes which protect both them and the organisation. This is certainly something that DQM Group Data Governance Auditors see all the time.
In times of recession the easiest and quickest ways to cut costs are nearly all staff related. But it is investment in staff and particularly training that is essential in developing a culture of good data governance organisation-wide. The Information Commissioner often quotes lack of training as a reason behind DPA violations. When Prudential was recently fined £50,000 for inaccurate data, Stephen Eckersley, ICO's Head of Enforcement, stated “We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people’s records are accurate. Staff should also receive adequate training on how to manage and maintain them....” . It makes lack of staff training look like a bit of a false economy.
Governance training doesn't need to be complex - a few simple rules apply:.
Information Security training brings into focus a subject which is key to all organisations but one for which staff often, mistakenly, see as somebody else’s responsibility. Once they realise that a data breach could cost the company significant amounts of cash and ultimately job losses, it’s amazing just how quickly focus can be gained and opinions changed.
I really do hope that my prediction doesn't come true - but sadly I think it might.