The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all, if you give information to any business, and especially to your doctor, your lawyer or your financial adviser, you expect it will be kept safely.
The principles on which the very foundation of all business enterprises should be built have not changed since we all lived in the fields and bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies, as all truly successful companies have proven. Yet of all the sectors in our economy, the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals than our health and our wealth.
The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, use of cloud computing and so on. However, like many things in real life, we are all spurred into action when something goes wrong, when the company’s system is hacked or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.
So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day, like taking exercise and eating and drinking sensibly, so why don’t we do a similar number of little things in our businesses to protect customer information?
The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do, or, if we do know what to do, we see it as simply too big and too complicated to handle. The answer has to be that we must start somewhere, and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.
So, come on then: get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps, but you have to start somewhere.
Paul D Stallard – Hurndall-Stallard Associates – July 2015
Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.