Robust data governance is more pertinent than ever, given the ramifications of next year’s incoming EU regulation, the GDPR (General Data Protection Regulation), and, more urgently, today’s reports of a large data breach at Bupa.
The private healthcare specialist has reported that the names, dates of birth and nationalities, along with unspecified administrative details, of over 100,000 of its international insurance customers had been inappropriately copied and deleted.
With the recent spate of high-profile cyber attacks, what’s truly interesting here is the source of the breach - an internal employee.
Bupa revealed the employee has now been fired and it is currently fully co-operating with the Financial Conduct Authority and other UK regulators.
Affected customers are now being warned to be vigilant for signs of identity theft.
Cyber security is high profile, with reports of hacks and attacks on organisations’ systems and software occurring almost daily.
PwC’s 20th CEO Survey revealed recently that cybersecurity is the second biggest commercial concern for 76% of UK CEOs.
A further 97% of respondents reported they are currently taking action against cyber breaches affecting business information or critical systems, well above the global figure of 90%.
Fighting cyber crime takes heavy investment in technical solutions and constant vigilance, but the threat is even more difficult to counter from within your organisation.
Unfortunately, one of the biggest digital risks in your business is your employees. Whether through malicious activity or simple misunderstanding of data processing regulations, many organisations have a potential data crisis in the midst of their teams.
Whether you are dealing with an accidental or a deliberate breach, the response should be the same - the establishment of strong data governance.
Setting good data governance protocols not only mitigates the type of digital risk we are currently watching play out for Bupa, but offers unparalleled access to valuable, commercial information about your customers and your organisation.
The starting point is a thorough review of data entering and exiting your business. This type of work is highly individualised between businesses but some important questions to ask include:
Understanding your data obligations isn’t a nice-to-have - it’s a vital compliance issue for your business. When the GDPR obligations become legally enforceable from May 2018, you will be liable not only for the processing and storing of data within your organisation, but also along your supply chain.
Breaches will become not only a reputational headache but a legal and financial threat to your business.
So far, the ramifications for Bupa in the long term are unclear but it does appear they are handling the crisis well through clear communication with their customers and the media.
Good data governance will protect your business, your reputation and your customer relationships, and could even provide insight to help you get closer to your customers and improve your products and services.