It's your information, so take ownership

Unless you are a recluse living in a cave in the outback, you will have been swept up by the digital information revolution that’s influenced collaboration for individuals and businesses throughout the past decade. IDC states that by 2020 the digital universe will contain nearly as many digital bits as there are stars in the real universe, doubling in size every two years, driven by our thirst for information.

However, the digital revolution has also brought with it the inappropriate, unauthorised and unintentional sharing of information, forever haunting those deemed the information owners: ANZ Bank - disclosed ‘cash profit’ details four days early; Dept. of Immigration - disclosed 10,000 asylum seeker details; Telstra - employee passed confidential documents to the CEPU; AFP - disclosed investigations, target subjects, interception activities.

These and many other examples demonstrate the ease of access to information. Fines, imprisonment and reputational damage penalises those responsible, but such breaches will all happen again in Australia - such as with the Edward Snowden incident of sharing NSA secrets, where Australia’s intelligence efforts against Indonesia were divulged.

The recent amendment to the National Security Legislation Act 18(2) and Privacy Act 1988 continue to focus on the repercussive effects instead of directly addressing the cause - the horse has already bolted, so let’s just put a bigger lock on the stable door rather than investigating how and why the horse bolted in the first place.

Ownership, control and enforcement are all part of our business core responsibilities. The IT department provides the mechanics, such as data loss prevention software that helps support the continuous communication of the information that differentiates you from your competitors. So why is the CIO/CISO in the cross hairs of the firing squad when a data breach occurs? Why not the HR director, when PII is removed? The product director, when IP is disclosed? The sales director, when client data is breached? The marketing director, when future launch dates are shared on social media? The finance director, when financial results are leaked? Or the CEO when organisational restructuring becomes visible before employees or the stock exchange know about it?

You, individually, know the value of your personal and business information, just as the IT department knows the value of laying the information out efficiently in a database. It is critical for business preservation, employee satisfaction and customer engagement that we all take ownership and personal responsibility for not only the collection of information but also the access, sharing, storage and appropriate classification for technologies such as data loss prevention.

You’ll only have yourself to blame if and when the information goes walkabout, whilst explaining to the powers that be why you didn’t accept the ownership you had at your fingertips.

*Kevin Bailey is Head of Market Strategy at Clearswift and a renowned strategic marketing expert with over 20 years’ experience in information security and protection. Prior to joining Clearswift, Kevin was Research Director, European Security Software at IDC and Director of Global Market Analytics and Strategies at Symantec.