Risk - it's all relative

People sometimes have odd ideas about relative risks. In my books on data protection*, I cite talking as a big risk to protecting personal information, and people in general as the biggest risk of all.

One of my favourite questions when I meet a new company or organisation is to ask "Who would you ask if you wanted to find out the latest gossip?"

Often the answer is someone whom management might consider to have a minor role in the company: a secretary, telephonist or cleaner.

Gossip is the archetypal data protection breach: personal information shared for a purpose which is neither specified nor lawful.

Consumers are often reluctant to shop online because of the perceived risk to their personal financial information. Major online retailers invest large amounts in technical security features because their business depends upon it. Of course, shopping with bodgitandscarper.com is a risky business but this is true however you shop with them.

Many people have told me that although they will not shop online they do give out their credit card details over the phone: this seems to me to be inherently far more risky than electronic shopping.

Recently, I rang my sports arena where I play badminton. The reception area is in the entrance hall. In order to pay for my booking, I was asked as usual for my credit card number. What was less usual was that the person on the other end repeated the number, expiry date and security number in a loud voice to my severe displeasure and discomfort.

Protecting personal information is about managing risks. It also requires a degree of education of both consumers and staff about what the risks are and the relative degree of risk of different ways of working.

*Gillies AC (2010) Data Protection for Small Business, Kindle Edition
Gillies AC (2011) Data Protection for Slightly Bigger Businesses, Bearswood