Front-page news stories about government departments losing data are cropping up with such regularity at the moment that it’s difficult to keep up with developments.

　　First there was the HM Revenue and Customs fiasco back in November, when discs containing the personal details of 25m people claiming child benefit went missing in the internal post. Then, a disc holding the personal details of 3m US learner drivers, including names, addresses and telephone numbers, mysteriously disappeared. Worse still, in January, a laptop went missing from the Ministry of Defence containing the National Insurance numbers and passport and bank details of  600,000 new recruits.

　　It’s pretty shocking stuff and the negative headlines will no doubt mean that, in the future, more organisations and individuals will want to keep a tighter grip on where their data goes and how it’s used. These security lapses should also help to focus the minds of the print industry.

　　More than a printer

　　Increasingly, printing companies are managing the production and distribution of marketing campaigns and, as a result, handling vast amounts of data. So much so that many companies would prefer it if you didn’t refer to them as a printer anymore, but as a ‘communications solutions provider’ or ‘marketing and technology specialist’ instead. Data handling is fast becoming the heart of the modern print industry.

　　“Around 95% of the jobs we do involve data,” explains Patrick Headley, sales director at direct mail specialist GI Direct. “GI is moving into the transactional market and that means we handle more than just names and addresses.”

　　As a result, most dialogue with potential clients now begins with a discussion about information security, says Richard Higginbotham, marketing manager at mailing specialist CDMS. “It’s at the forefront of their minds,” he explains.

　　But, should customers be worried? Printers we spoke to don’t believe so. They claim print could teach the public sector a lesson or two about looking after data, as the majority of printing companies have rigorous procedures in place to ensure there is no risk of data falling into the wrong hands. Indeed, printers are going that extra mile to ensure that procedures are vigorous.

　　“It’s no good to simply say ‘we have signed our business up to the Data Protection Act’,” explains Andy Young, group managing director at Dsicmm. “That’s simply not enough.”

　　CDMS’ Higginbotham adds: “You need to understand the Data Protection Act. It’s one thing to know what it is, but you have to embed the spirit of the Act throughout your business. That is where the ISO 27001 comes in.”

　　Power of accreditation

　　This ISO standard is a powerful tool for any company wanting to win business that involves handling data. Indeed, it’s unlikely you will pick up a contract that requires data handling without it. The accreditation proves you have the systems in place to ensure data is secure. This ranges from the security of the building to the use of encrypted files.

　　ISO 27001 is something that’s taken very seriously by the companies that hold it – at Dsicmm, even the managing director can’t see the personal data handled for campaigns.

　　“I could not look at client data even if I wanted to,” says Young. “Our systems are that ring-fenced. We take data security incredibly seriously and there is no reliance on third parties. We have our own information security committee and regularly audit our systems.”

　　Security is just as tough at CDMS. “We have a policy where we expect data from our clients to be sent through in encrypted form,” explains Higginbotham. “You should not send data around in a format that anyone can use. If something is not encrypted, it is flagged-up and changed. We also make sure passwords are regularly updated and that there is very strict access control – I do not have passwords for certain data.”

　　GI Direct’s Headley says security also extends beyond the company’s premises. “We make sure data is not transported by hard drive – you can’t just carry the data out of the building. We have rules that prevent staff from taking any data away on a laptop.”

　　Many of these rules have been tightened in recent times, as the nature of information handled by companies like GI Direct has become more sensitive. Andy Wood, managing director of GI Direct division GI Insight, which specialises in database management, explains: “We host databases for clients and we don’t just hold information like names and addresses. It’s not just dates of births either, but the number of children someone may have and their birth dates. That has to be absolutely secure.”

　　That seems to be in contrast to government departments that have lost unencrypted data. But Dsicmm’s Young is reluctant to hammer the government too much.

　　“The government has not got the resources to invest in IT in the same way the private sector can,” he says. “While sending out unencrypted data on a CD was a mistake, I don’t think we should necessarily be saying that we can teach the public sector lessons.”

　　But print could show the public sector a thing or two about encrypting data. You would think it would be a given for any storage device containing sensitive information, but many of the CDs that had gone missing were unencrypted.

　　“Encryption is not always standard,” says Bill Parker, managing director of software provider GMC. “For some, until you become a victim of this you don’t think it is an issue – you think that it will never happen to you.”

　　GMC’s PrintNet product contains standard encryption processes. The software is designed to create personalised marketing campaigns, an area more print firms are moving into, not just with print, but also with email, SMS and HTML. To do this, they need to manage a lot of customer data, which needs to be protected. Parker adds that he didn’t initially intend PrintNet to have a data security feature, but it has become a big issue, largely because “if you are having to send out data, there is a potential risk”.

　　Risk assessment

　　And risk is something everyone is more wary of in these days of internet banking and online shopping. “Identity fraud is at its absolute height,” says GI Direct’s Headley. “You have to do anything you can to minimise its impact.”

　　With identity fraud and missing data all over the news at the moment, it might make a few companies twitchy as to who they trust their information with, which could effect printers if firms decide to bring data handling in-house.

　　“There is a real threat that could happen, as some clients may not be so trusting any more to third parties,” says Headley. “Many used to have in-house printing facilities, which have gradually closed down. But if companies don’t want their data to leave the building, then it could happen.”

　　However, Dsicmm’s Young disagrees: “I do not think there is a high risk of companies going back down the in-house route. We take the issue of data incredibly seriously, having been so steeped in the financial services sector. We are dealing with organisations that have very high expectations.”

　　Print’s ability to respond quickly to market demands has helped the industry lead the way in protecting sensitive data and, with so many negative stories surrounding security, that’s unlikely to change – for the time being at least.

[时间：2008-03-07  作者：Philip Chadwick  来源：互联网|#]