Irish companies lack knowledge of data protection - ICS survey

The ICS ‘Data Protection Attitudes and Practices Survey 2011’ analysed awareness of data protection and instances of data breaches among Irish companies. 286 IT administration and management staff participated in the survey, which indicates that Irish businesses have a severe lack of knowledge of data protection requirements and data security issues.

The findings reveal that almost half of respondents were not aware of new rules regarding the mandatory reporting of data breaches to the Data Protection Commissioner.

Less than half of those surveyed felt that data protection rights and responsibilities are given due consideration by senior management with one respondent stating that, “senior management ignore data security issues”.

Only a third of respondents felt that all staff members are aware of who is responsible for data protection in their organisation.

Over 50pc of all respondents felt that they had not received sufficient data protection training while one in five respondents were not confident that they understand their responsibilities under the law for data protection.

Some 36pc of respondents said that their organisation has a formal procedure in place following a data breach. The issue of cost of compliance with data protection legislation was also raised by one respondent who stated that “we are paranoid about security, but know most think it is cheaper not to be".

One in seven respondents said had suffered a personal data breach in the last 12 months. However, over two-thirds stated that they were not confident that they would be informed of a data breach involving their personal information.

Several respondents commented that “those who come out and report get in trouble, so there’s no motivation to report, "while another remarked that “most organisations cover up data breaches.”

The ICS is holding its third annual Data Protection Conference to increase awareness of data protection requirements and to ensure companies comply with data protection legislation on Thursday 24 February 2011, at the Radisson Blu Hotel. It will be officially opened by Data Protection Commissioner Billy Hawkes.