Carefully handle data but is really little to workers from the present generation in the genes. I therefore propose to tackle this problem at its roots: data security should be a subject for the classrooms.
We noted almost daily on the need for IT security through the many media reports on issues such as cyber-security breaches and identity theft. Security is therefore an increasingly important issue in society. You would expect that a careful handling of sensitive data integrity needs no explanation. Yet we see in practice that the staff has little regard for a proper identity and access management (I & AM). Employees of hospitals, for example, often can not trace orders books in the pharmacy system. And it is all too common for lawyers and doctors send sensitive documents to the wrong people. On the policy it is not. It’s commitment to careful data use has become embedded. How can it do this not working at the workplace?
Data security gene
The problem is that people like to go with safe data, but do not know how to do this. They lack a fundamental understanding of what constitutes data security. A data security gene, if you like, which they instinctively sense how they interact with their data in a secure manner. Actually, it is not surprising that people miss an instinctive feel for data security. Because let’s face it: fifteen years ago the world was analog and consisted this problem.
The way we tackle the lack of awareness about data security, focuses on the creation of rules and obligations. When you make things illegal and fines goes hand out, then people learn inappropriate behavior by itself or off. This system works, as we can see through the strict security in banks and insurance companies. Who have their business normally much better organized than other organizations. The bill for an obligation to report data leaks and the expansion of the penalty jurisdiction for the Dutch Data Protection Authority (CBP) is in that respect a step in the right direction.
Out of the office and in the classrooms
However, rules are only a beginning and not by works in the private lives of employees. By the fading dividing line between private life and work, always find more work-related activities outside the company walls instead. This increases the risks for businesses tremendously. The creamy television programs by Peter R. de Vries on sextapes and private lives ruined, are in fact the result of a lack of knowledge in the field of identity management in society.
To get data security really into the fibers of people, you should make it part of the curriculum. Barry van Kampen argued in a previous blog already for more attention to ‘hard’ ICT in primary school. I think it is dealing equally important that children are aware of their information on social media. In schools is already spoken in lessons on the use of Internet and cyber-bullying. In line with this, teachers will have to teach about safe use of personal information.
A good IT education will eventually have a huge positive impact on the safe use of information within the company walls and within the government. Parents should therefore also more frequent with the theme confronted at the kitchen table, and eventually the influx of young new employees will ensure that the knowledge and awareness increases on this topic. Within half a generation, and probably much earlier, would it still have to manage to still get a data-security gene in our DNA.