recent work

Are UK SME’s getting worse at protecting private information?

Jamie Lawrence has reported that UK SME’s are not taking the necessary steps in order to destroy sensitive business data – and the main reason for this is that they do not believe ‘losing private information will have any impact on [their] business’. This is according to new independent research commissioned by Shred-It, the UK destruction company.

“This years findings are particularly worrying, as they show SMEs becoming increasingly lax about information destruction as they just do not see any consequences for poor security procedures”, says Robert Guice, Executive Vice President, EMEA, Shred-it.

This lack of concern could be the reason why over one-third of SMEs (35.4 percent) admitted that they had no protocols in place for the storage and disposal of confidential data, over three quarters of respondents (76.6 percent) either do not provide any training for employees on company information security procedures (26.6 percent), or do so only on an ad hoc basis (50 percent).

According to the Information Commissioners Office’s (ICO) annual report, there was a 21 percent decrease in the number of data protection cases received between 2009 and 2011 and a 9 percent decrease in the number of cases closed. This suggests that more needs to be done to combat data protection breaches by both the private and public sector in the UK.

The report also reveals:

Nearly half of SMEs (46.4 percent) said they did not have anyone specifically responsible for managing data security issues
12.8 percent of UK SMEs have no provision in place to shred sensitive documents
822 SMEs in our survey (81.9 percent) use an in-house shredding machine, but of those almost three quarters (72.2 percent) do not have anywhere secure to store documents before being shredded
Just 5.4 percent of SMEs use a professional shredding company compared to 43 percent of larger firms (those with over 250 employees).