IT strategy: Serious data breaches are set to rise

The time has come to pour a glass of mulled wine and reflect on the technology trends and drivers that have categorised 2009 - the year which marked the 25th anniversary of Financial Director.

Last year saw swine flu hanging over the global business community like the Sword of Damocles. It is worth remembering that in the winter of 1918 between 50 and 100 million people across the world died of what became known as Spanish Flu. Terrifyingly, for many, the illness lasted less than a day from onset of first symptoms to death.

It is estimated that an outbreak of swine flu on a similar scale could lead to between one-third and a half of the world’s workers being struck down. The extreme gravity of this situation has forced forward-looking businesses of all sizes to re-evaluate their disaster recovery provision. The questions senior decision-makers need to be asking themselves centre on ensuring they have technologies, systems and processes resilient enough to cope with such an emergency.

Minimising unnecessary business travel, cutting back all but the most essential face-to-face meetings and increasing the use of technologies such as video conferencing or teleconferencing are all advisable. Cranking up home working and ensuring that adequate training and support can be provided in the most challenging of circumstances must also be part of these new business continuity plans.

Although the sky has yet to fall in, the fact remains that the world is living on borrowed time when it comes to a new global flu pandemic.

This year saw more businesses put their heads and some mission-critical applications in the clouds ­ the internet cloud, that is. For FDs, tough questions remain over what benefits of ‘renting’ centrally-hosted applications and other services delivered over the internet.

However, these questions notwithstanding, we have heard plenty this year about the arrival and merits of cloud computing. This can be attributed, at least in part, to the fact that businesses have sought more stable cost models and been unwilling or unable to undertake large expenditures. Apparently, worldwide cloud services revenue is on pace to surpass $56.3bn by the end of 2009­ a 21.3% increase from 2008 revenues, and in a torrid recession. It may swell to $150bn by 2013.

Those in any doubt about the future of cloud computing should note that the mighty Microsoft ­ the company with the most to lose from any move away from sales of traditional packaged software ­ has embraced the concept with its Azure Windows platform that supports service-based computing.

For many observers of technology, this year was categorised by the rise of the Big Database. Unfortunately, this trend towards data centralisation has been accompanied by an opening of the data loss floodgates. A series of high-profile blunders have brought into sharp relief the danger posed by now ubiquitous portable hard drives and memory cards.

As the cost of these devices continues to plummet, their use is becoming more widespread and the danger to business from data loss is rising commensurately. While the extent and impact of such accidents in the private sector is currently hard to assess, the government is estimated to have ‘lost’ 30 million-plus public records in the past two years.

Experts agree that the issue poses significant dangers to businesses: KPMG’s Data Loss Barometer predicts that 190 million people around the world will have fallen foul of data loss incidents by the close of 2009. Earlier in the year this column highlighted how the Cabinet Office’s Data Handling Procedures in Government recommendations, which advises that all sensitive data being transferred onto portable memory devices should be encrypted, are still widely ignored.

Perhaps more worryingly, November saw the announcement that local authorities and police forces will carry on transferring potentially sensitive data obtained using Regulation of Investigatory Powers Act ‘spying powers’, without encryption. The reason for this data disaster waiting to happen? According to the Home Office, mandatory encryption would be ‘impractical’.

However, it was also revealed in November that the maximum civil fine for serious data security breaches will rocket by 1,000% under proposals set out in the Ministry of Justice’s (MoJ) consultation paper entitled Civil monetary penalties – setting the maximum penalty. The move surprised some commentators as the MoJ shied away from the widely anticipated ‘10% of turnover’ level for fines. Instead, it proposes a maximum penalty of £500,000.

So, as we predicted, in addition to the danger of commercial or reputational damage associated with a data loss, the financial penalties are being ratcheted up dramatically. However, as ever the devil is in the detail and legal firm Eversheds notes dryly that ‘it remains to be seen’ how the MoJ’s proposals will translate into legislation.

Robert Jaques is a leading commentator on technology issues