Privacy and Data Protection

“When it comes to the cloud, security is a real risk and the technology isn’t necessarily at the right level for most organisations at the moment.”
Rebecca Jacoby, CIO, Cisco.

“Some of the cloud services were not set-up with security front and centre; the policies that are in place are antiquated and not stringently followed; there's a really big red target painted on this market's back”
CEO- Security Intelligence Organisation

The rapid evolution of information systems is casting a spotlight both on the privacy of personal data and on those responsible for safeguarding it.

Any information that can be linked either directly or indirectly to an individual might be deemed ‘private’. Yet many organisations have a limited understanding of the necessity and implications of good privacy management. Organisations often fail to recognise the risks that can arise from poor privacy practices. Once lost, a reputation is extremely difficult - and often costly - to rebuild.

47% of U.K. senior executives believe the risks of cloud computing outweigh the benefits. The United Kingdom is not alone. Canada came in at 42% on the same question, and the U.S.A. at 41%. The most frequently cited concerns focused on security, privacy and lack of control over data and compliance issues.

ECA’s team has hands-on experience in the complexity of personal information management. ECA helps clients to comply with the Data Protection Act and associated regulations, but can also go beyond compliance into supporting the business through quality management of personal information.

ECA delivers Privacy Impact Assessments for government and private organisations alike, and can work with stakeholders from all parts of the privacy spectrum to ensure that privacy solutions meet the needs of both the organisations and its partners. The ECA team can develop policies and procedures; advise on design, implementation and privacy enhancing technologies (PETs); and review and audit the effectiveness of privacy management in individual systems and whole organisations.

Back to main Cyber Security Assurance page