Data protection expert warns companies not to overlook physical data.

Date: 2017-04-19

One of the most influential figures on data security in Europe has urged companies not to overlook hard copies of data and files when addressing data protection.

Speaking to the Independent Business, Jonathan Armstrong – a partner in Cordrey and co-author of one of the definitive works on technology law said: “In many ways, an unsecured physical file is a lot more damaging that a digital file. If an encrypted email, USB stick or laptop is lost, then to a certain extent 'big deal' as long as the encryption is up to scratch, but if you lose a printout then it is easy for people with no technical expertise to read, take a photo on their mobile phone and give it to whoever they want.”

Armstrong predicts that roughly one in every five data breaches that occurs is due to physical files and although these are covered by the General Data Protection Regulation (GDPR) in exactly the same way that digital files are, many organisations are focusing on IT systems and securing digital files. "My sense is that proportionally breaches of hard copies of files are on the rise, but I'm not sure how much of that is due to a rise in awareness of the importance of security for digital files, or because we are getting better at locking systems down," he warns. 

Armstrong believes this is because the individuals in companies who are responsible for data protection have large blind spots when it comes to how information is used within their organisations.

"Quite often the person who is in charge of IT is also in charge of data protection, and while they may be very in tune with all of the technological ways of securing electronic data securely and prevent information from leaving the organisation by email or portable hard-drive and may have the most state-of-the art encryption on their systems, they may completely forget that there is a printer attached to the system," he said.

Printing records, making notes and the legal requirement to retain certain physical records isn’t going away, so protecting hard data needs to be as much of a priority as locking down digital data when it comes to protection and GDPR compliance.

The message from the expert: "Businesses really need to focus on hard copies of records more, because it is certainly being overlooked in many cases. In many ways, records like this are harder to secure as you can encrypt files and emails - but you can't prevent employees from writing down what is in their head.”

Jonathan Armstrong is an experienced lawyer with a concentration on technology and compliance. A partner in Cordrey Legal Compliance, Jonathan was recently ranked as the 14th most influential figure in data security worldwide by Onalytica in their 2016 Data Security Top 100 Influencers and Brands Survey.

To read the full article on the Independent website, click here.