
IT strategy: Serious data breaches are set to rise

Despite warnings, companies are still failing to give due attention to data encryption or the threat of a pandemic

The time has come to pour a glass of mulled wine and reflect
on the technology trends and drivers that have characterised 2009 – the year which
marked the 25th anniversary of Financial Director.

Last year saw swine flu hanging over the global business community like the
Sword of Damocles. It is worth remembering that in the winter of 1918 between 50
and 100 million people across the world died of what became known as Spanish
Flu. Terrifyingly, for many, the illness lasted less than a day from onset of
first symptoms to death.

It is estimated that an outbreak of swine flu on a similar scale could lead
to between one-third and a half of the world’s workers being struck down. The
extreme gravity of this situation has forced forward-looking businesses of all
sizes to re-evaluate their disaster recovery provision. The questions senior
decision-makers need to be asking themselves centre on ensuring they have
technologies, systems and processes resilient enough to cope with such an
emergency.

Minimising unnecessary business travel, cutting back all but the most
essential face-to-face meetings and increasing the use of technologies such as
video conferencing or teleconferencing are all advisable. Cranking up home
working and ensuring that adequate training and support can be provided in the
most challenging of circumstances must also be part of these new business
continuity plans.

Although the sky has yet to fall in, the fact remains that the world is
living on borrowed time when it comes to a new global flu pandemic.

This year saw more businesses put their heads and some mission-critical
applications in the clouds – the internet cloud, that is. For FDs, tough
questions remain over the benefits of ‘renting’ centrally-hosted applications
and other services delivered over the internet.

However, these questions notwithstanding, we have heard plenty this year
about the arrival and merits of cloud computing. This can be attributed, at
least in part, to the fact that businesses have sought more stable cost models
and been unwilling or unable to undertake large expenditures. Apparently,
worldwide cloud services revenue is on pace to surpass $56.3bn by the end of
2009 – a 21.3% increase from 2008 revenues, and in a torrid recession. It may
swell to $150bn by 2013.

Those in any doubt about the future of cloud computing should note that the
mighty Microsoft – the company with the most to lose from any move away from
sales of traditional packaged software – has embraced the concept with its Azure
Windows platform that supports service-based computing.

For many observers of technology, this year was characterised by the rise of
the Big Database. Unfortunately, this trend towards data centralisation has been
accompanied by an opening of the data loss floodgates. A series of high-profile
blunders have brought into sharp relief the danger posed by now ubiquitous
portable hard drives and memory cards.

As the cost of these devices continues to plummet, their use is becoming more
widespread and the danger to business from data loss is rising commensurately.
While the extent and impact of such accidents in the private sector is currently
hard to assess, the government is estimated to have ‘lost’ 30 million-plus
public records in the past two years.

Experts agree that the issue poses significant dangers to businesses: KPMG’s
Data Loss Barometer predicts that 190 million people around the world will have
fallen foul of data loss incidents by the close of 2009. Earlier in the year
this column highlighted how the Cabinet Office’s Data Handling Procedures in
Government recommendations, which advise that all sensitive data being
transferred onto portable memory devices should be encrypted, are still widely
ignored.

Perhaps more worryingly, November saw the announcement that local authorities
and police forces will carry on transferring potentially sensitive data obtained
using Regulation of Investigatory Powers Act ‘spying powers’, without
encryption. The reason for this data disaster waiting to happen? According to
the Home Office, mandatory encryption would be ‘impractical’.

However, it was also revealed in November that the maximum civil fine for
serious data security breaches will rocket by 1,000% under proposals set out in
the Ministry of Justice’s (MoJ) consultation paper entitled Civil monetary
penalties – setting the maximum penalty. The move surprised some
commentators as the MoJ shied away from the widely anticipated ‘10% of turnover’
level for fines. Instead, it proposes a maximum penalty of £500,000.

So, as we predicted, in addition to the danger of commercial or reputational
damage associated with a data loss, the financial penalties are being ratcheted
up dramatically. However, as ever the devil is in the detail and legal firm
Eversheds notes dryly that ‘it remains to be seen’ how the MoJ’s proposals will
translate into legislation.

Robert Jaques is a leading commentator on technology issues
