It is often thought that manufacturers are somewhat less exposed to data security breaches than other sectors, but recent studies have shown that the sector is often subject to attacks. Data breaches can include the compromise of employee records, the compromise of personally identifiable information about customers or partners, loss of or damage to internal records, and theft of soft intellectual property such as processes and institutional knowledge.

Data breaches are becoming increasingly frequent in the manufacturing industry and, according to research from Experian, UK businesses appear to be acutely underprepared when it comes to the aftermath:

  • Almost one in five (17%) of organisations questioned had a data breach involving the loss of more than 1,000 records in the past two years.
  • Nearly three in five (57%) of those affected experienced multiple breaches. Medium-sized businesses were the worst hit, with almost two thirds (61%) reporting an attack between two and five times, compared with two in five (4%) of large businesses. [1]

Organisations which process personal data must have appropriate technical and organisational measures in place to protect against unauthorised and unlawful processing of personal data. An organisation also needs to be prepared if such measures are breached.

Companies that suffer a breach could face serious financial consequences once new data protection regulations are fully introduced across EU member states. New figures reveal that mid-sized and large businesses could be in line for fines totalling £20bn if they fail to protect their customers from data breaches.

If the threat of a substantial fine isn’t enough, almost two thirds (63%) of people say they would leave an organisation if their personal information was compromised. Customer confidence and loyalty would also be greatly affected, with eight in ten Britons declaring that their overall level of trust in an affected company would decrease (80%) and their opinion of the organisation would worsen (79%).[2]

How to put an effective data security breach management system in place

There are four main elements to an effective breach management recovery plan:

  1. Containment and recovery: Data security breaches will require not just an initial response but also a recovery plan including, where necessary, damage limitation.
  2. Assessment of ongoing risk: Assess the risks which may be associated with the breach. Perhaps most important is an assessment of potential adverse consequences for individuals, how serious or substantial these are and how likely they are to happen.
  3. Notification of breach: Notification should have a clear purpose, whether this is to enable individuals who may have been affected to take steps to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.
  4. Evaluation and response: It is important not only to investigate the causes of the breach but also to evaluate the effectiveness of your response to it. Where your response was hampered by inadequate policies or a lack of a clear allocation of responsibility, it is important to review and update these policies and lines of responsibility in the light of experience.[3]

Summary

The new EU Data Protection Regulation will come into force on 25 May 2018, bringing with it tougher sanctions and regulations which will replace all data protection legislation in EU member states, including the Data Protection Act. With Experian’s data showing that data breaches are becoming an almost-monthly occurrence and a third of companies currently not having any kind of response plan in place at all, it could be a stark wake-up call for UK businesses.[4] It is vitally important that companies of all sizes expect the unexpected. Bond Dickinson can ensure that your organisation has adequate privacy and security plans in place to safeguard customer information, meet regulatory compliance requirements and ultimately protect the reputation of your company.