Toxic data risk

The BBC wrote up an article on the UK’s  Information Commissioner Richard Thomas investigation regarding 30 serious data breaches in the country. Many of Mr. Thomas’s points are spot on with regards to the risks associated with having vast amounts of company data. He has even stated that many  data losses go unreported and some organisations were not even aware that it had gone missing.He makes an interesting analogy that customer records should be considered a “toxic liability”. Some excellent points are made with regards to who is repsonsible as well:

It’s no good saying the IT boys are looking after this, it’s no good saying the lawyers are sorting out the policies, it’s no good saying human resources are doing the training - it’s right across the organisation. Computing power is so strong these days that many bosses don’t simply understand what are the risks they are facing.

I think this is key, managment many times do not understand the risks and IT does not have the time or resources to ensure that data is handled correctly. The majority of the cases involved theft of portable media, or laptops from an organization, although the majority of the article discusses the issues of having large databases, the real problem is when this data goes outside the firewall.