Brits in two minds about data security
Some 80% of people in the UK are “concerned about protecting their personal information online”, says the Information Commissioner’s Office (ICO). An even bigger proportion (96%) feels that organisations are not to be trusted with this information, because they’re not up to the job of keeping it safe.
Not much grey area there, then. Brits are clearly worried about what happens to personal information. Except that they’re not.
What they’re really worried about is what other people are doing with their data. When it comes to taking responsibility for controlling that data, most ordinary citizens seem to think it’s someone else’s job to sort it out. And so they carry on happily spewing private information onto Facebook and via Twitter with little apparent regard for how it might be exploited - all the while moaning that “something must be done”.
The obvious suspicions about organisations’ inability to keep data safe is perfectly reasonable. The ICO has the task of punishing companies that suffer data leaks, but it catches only a tiny proportion of leaky firms.
Yet you could argue that it’s the organisations themselves that are at the greatest risk - specifically, the employers of these same hand-wringing, concerned citizens. And the reason for this is that people bring this schizophrenic attitude into work. They know that data is sensitive, yet continue to place it in plain view on the Internet.
Today, people are in the habit of sharing. It’s almost as if any event in their lives hasn’t really happened until it’s on Facebook, Twitter or Flickr, or that they haven’t really arrived at a place until they’ve checked in on Foursquare. And they take this reflexive habit of sharing into the workplace, where what they’re sharing might be sensitive company information or IP.
Significantly, the ICO survey found that 60% of people “believe that they have lost control of the way their personal information is collected and processed”. That’s a lower figure than the others quoted, so perhaps there’s a minority that has a sneaking suspicion it could do something about the problem itself.
Nevertheless, nearly two-thirds of the respondents clearly feel that there’s nothing to be done, it’s SNAFU and you might as well carry on feeding companies (and, if they did but know it, cyber-criminals) with the kind of personal data that’s invaluable for marketing and identity theft.
The point of the ICO’s survey is to launch a campaign to raise awareness of how to stay safe on the Internet. Most infosecurity professionals will tell you that education is the toughest part of the job. But, as I said, something must be done, and the ICO’s Personal Information Toolkit might be one small step towards helping people realise that they - and not leaky organisations - are the problem.
