What employees don’t know about data security could cause serious damage to a company, and alarmingly – many employees don’t know as much as they should.
According to a recent report from MediaPro, American workers are adept at identifying sensitive corporate documents and knowing what documents should be safely destroyed. However, U.S. workers have difficulty understanding privacy regulations and how to handle both their personal and professional information.
To reach their findings, MediaPro researchers surveyed more than 1,000 U.S. residents on data security practices. Survey volunteers were given five scenarios involving data privacy that could happen in a typical workplace.
National and international regulations
The study showed that worker understanding of national and international privacy polices is severely lacking.
Respondents showed the most understanding of the Health Insurance Portability and Accountability Act (HIPAA), which handles the security of protected health data. However, respondents were much less familiar with international privacy laws like the European Union’s General Data Protection Regulation (GDPR): 59 percent said the GDPR was totally new to them. This should be concerning given that the EU has given these regulations considerable teeth. Fines for non-compliance could translate to 4 percent of a company’s yearly global turnover, or $27 million, whichever is higher.
Respondents were even less familiar with the EU-U.S. Privacy Shield regulation, a legal platform for transatlantic information sharing between organizations and businesses in the U.S. and the EU. Sixty-three percent of respondents said the Privacy Shield was totally new to them, and just 23 percent said they understood the fundamentals.
Companies looking to beef up their workers’ knowledge of international regulations should attempt to contextualize guidelines for workers. Policies and training programs have to be relevant and important to users.
Granting access to applications
With regards to granting access to third-party applications, the survey outcomes were strongly related to age. Respondents age 55 and older said they “never” grant permission 59 percent of the time. Respondents between the ages of 35 and 54 said “never” 52 percent of the time. Respondents between the ages of 18 and 34 said they answer “never” 42 percent of the time.
While respondents appeared highly protective of their text messages, they were more at ease with other permissions: 68 percent said they “sometimes” give permission to report location via GPS, 48 percent said they “sometimes” give permission to document audio and 54 percent said they “sometimes” give permission to record pictures and document footage.
Comprehending the repercussions of permissions is particularly important because mobile devices usually contain a mixture of personal data and professional data. Training and best practices should cover all of the consequences of a personal device being compromised through a third-party application.
Companies may find it useful to profile staff members based on age when it comes to providing training.
At Thompson Technologies, we stay on top of the tech issues facing our clients, so we can better serve their needs. If your organization is currently looking for a staffing partner with its finger on the pulse of modern business, please contact us today to find out how we can support your company goals.