Some disregard data protection laws

Many IT security procedures are not simply best practices; they have laws to back them up. Consumer data, especially, is subject to a number of regulations designed to make sure companies are responsible in their handling of identifiable consumer information. There are other motivational factors for firms, too, as a loss of consumer details could lead to a loss of confidence and loyalty. However, some firms still flout security laws, sometimes with serious consequences.

Irish telecom breach

According to the Irish Examiner, two Irish telecommunications firms handled customer information both carelessly and in clear violation of data storage laws. The companies are currently facing the fallout of a laptop theft from their parent operator's headquarters. The information stored on the devices was highly sensitive, including data from users' passports and driver's licenses. The companies did not report the loss to the local watchdog group for nearly a month after it occurred.

While the companies were slow to notify the watchdog, disclosure to the public took much longer. The Examiner reported that the customers involved did not learn of the leak until between six weeks and two months after it took place. Preventing breaches is a critical part of data security, but once an incident does occur, incident response efforts take on major importance of their own. Slow reactions could be costly for firms in both penalties and reputational damage.

Reaction time is important

Though they may hope to avoid further trouble by underreporting data losses, executives are simply inviting greater scrutiny. According to The State, a server breach at the University of South Carolina drew attention from data watchdogs after the institution took almost three months to inform the affected students and staff. Leaders at the school conceded that the wait was long and attributed it to a thorough investigation of the incident.