12, August 2016: A survey conducted by Boldon James of public and private sector organisations reveals that companies have an indifferent attitude to data classification, with only 14% of companies having a data classification policy in place and only 5% using a data classification solution that involves users in the process of data protection.
In the world of information security, data classification relates to the labelling of documents, files and messages based on their value or level of sensitivity to an organisation. Data classification is a critical component of every good data protection policy, because correctly classified data is better protected from leakage or theft.
Leading technology research firms such as Forrester and Gartner both report that data classification is the basis for a data-centric approach to security, so the results from Boldon James's survey results will come as a wake-up call to businesses.
The new EU General Data Protection Regulation (EU GDPR) — which requires companies to adhere to more rigorous data protection policies - comes into force May 2018. Despite the UK’s recent decision to leave the EU it is highly likely that UK companies will still be required to adhere to the regulation; and regardless of their location, organisations will have to conform to the regulations if they hold any data on EU citizens.
David Langton, Marketing Director at data classification specialists Boldon James, explains: “It is critical that UK businesses are not distracted by the decision to leave the EU and see this as a get-out clause. The GDPR is designed to help organisations achieve best practices for data security and it is actually a good set of rules to follow to ensure that organisations are consistently employing best practice security methods to increase data protection and reduce risk.”
The worrying survey results highlight that essential data security standards are not being widely implemented. Perhaps more concerning, given the potential impact on brand reputation and company value, is the fact that only 12% of organisations see data security as a Board issue.
With the EU GDPR seeing businesses fined up to â‚¬20 million, or 4% of their global revenue, for breaking data protection law, many firms could be put out of business for the misuse of data.
The survey results also revealed another disturbing revelation; 58% of companies classify data manually without the use of a data classification solution. This is a major concern for data security, as it is almost impossible to enforce a classification policy without the use of a data classification tool. With only 5% of surveyed companies involving their users in data classification, it seems that organisations are missing a huge opportunity to actively engage their employees in data protection and transform security culture as a result.
David Langton continues: “Data classification should be at the forefront of every company’s security approach and is typically the first step to achieving a successfully data-centric security strategy. However, a large number of the businesses we surveyed appear to be overlooking this most fundamental aspect of data protection, missing an opportunity to proactively improve organisation-wide data protection. This leaves them open to regulatory scrutiny and increases the risk of financial exposure and reputational damage.”
Boldon James, a market leader in data classification and secure messaging software, help businesses control and protect their data — whatever the challenge. With over 30 years’ experience facilitating effective classification of all kinds of data and across a wide range of operating environments, the company successfully protects organisations against sensitive data leaks.