Poor Data Protection Compromises 3 in 8 Financial Firms, Research Shows

Bob Styran, IT audit expert
April 07, 2011

More than 3 out of 8 financial companies, or 39pc, have suffered major loss of data that resulted in disruptions to their operations, owing to poor data protection measures.

The figure comes from a study recently conducted and released by the software company Informatica, which adds that 74pc of the surveyed financial firms acknowledged that they still have a long way to go in stepping up their customer data protection strategies.

The data protection study was released shortly after the email service provider Epsilon warned its customers of a massive email hack into its database, following detection of an incident where a subset of “clients’ customer data was exposed by an unauthorized entry into Epsilon’s email system.”

Some of the high-profile customers affected by the poor data protection included Barclaycard, Citigroup, Disney, JP Morgan Chase, hotel chain Marriott, bookseller AbeBooks, and sports apparel dealer Lacoste.

Informatica’s study further showed that 87pc of those that admitted to poor data protection programs were hit the hardest. For 90pc of the financial firms, Informatica’s study implied a critical stage in terms of testing novel applications and IT services.

The most direct impact, the study suggested, was loss not just of the customers’ data but of the firm’s reputation.

The software company added that regulations implemented by disciplinary bodies like the Information Commissioner’s Office (ICO) do not suffice in getting businesses to work toward a more secure data protection program within their companies.

The ICO last year imposed no major penalty for Google’s reported breach of privacy laws when its Street View car gathered payload data that contained personally identifiable information like email addresses and passwords.

Nevertheless, it exercised its power to penalize privacy law violations in late November last year, when it fined the Hertfordshire County Council and employment services company A4e £100,000 and £60,000, respectively, for lax data handling.

Informatica’s senior vice president John Poulter noted the financial firms’ gross lack of confidence that they have tight data protection programs within their practices to keep customers’ data secure from third parties.

He encouraged IT professionals to clearly define their data protection strategies and practices to avoid getting penalized by regulatory bodies like the Financial Services Authority.

Poulter emphasized the need for high quality in delivering data protection services, both in the actual rendition of the service and in the stage of developing new strategies.

 
