The IT director’s perspective: managing data compliance

By: In: Backup Tape On: Jun 05, 2014
The IT director’s perspective: managing data compliance

Data compliance is complex. It requires IT directors and other information experts to understand and apply relevant legislation for  data protection, IT security and  sector-specific regulations – no easy task in rapidly evolving environment. To stay compliant, businesses should look at data protection not just as a cost, but as an investment in an asset that requires management and protection. Some of the most important things to consider include:

  • Compliance is good data protection. From internal and external audits to establishing a password policy and employing ethical hackers, your data protection efforts should be broad in scope and regularly monitored.
  • People are central. There’s a tendency to assume that data breeches are external. In fact, one of the most powerful threats to your data is the people who work in your organisation. Either accidentally or maliciously, they can be accountable for small and large-scale data breeches.
  • Security breaches are increasing. Data plays a role in every aspect of business, from operations to marketing and finance to logistics. Not everyone can become a data expert, but everyone can become data aware. To combat data breeches, raise the profile of data in your organisation by investing in training programmes and improving the level of awareness

To find out more about business continuity planning, multi-tier protection and the opportunities of big data, watch the data debate.

← The role of business continuity planning in your data strategy Why data regulation should be at the core of your business →

Leave A Comment

About the author

Christian Toon

Christian Toon is a former Iron Mountain employee who now works closely with our business within his new role: Senior Cyber Security Expert at PwC UK. Christian's thought leadership in this space is well-acknowledged across the industry. Christian has obtained numerous industry specific and recognised qualifications, he is a qualified Prince2 Practitioner and ISO IEC 27001:2005 Lead Auditor as well as holding auditing qualifications with ISO 9001, ISO 18001 and 14001. Christian has also completed all the Information Assurance Levels from the National School of Government. Christian's application to the Institute of Information Security Professionals (IISP) is currently under review along with a potential application to further his development with an Masters in Information Security.