It is not often a television advert makes me sit up, take notice and shout “No!….” at the box in the corner. One did recently, and perhaps it says as much about me and my long learned approach to data security.
Over the past three years or so, our company has introduced a rigorous and robust approach to data security and information management. This has culminated in us being one of the very few pension companies to have obtained ISO 27001:2005 accreditation and recently being (we think) the first in our industry to obtain the updated ISO 27001:2013 certification. Is has taken time, significant investment and the buy-in of all staff to engrain the proper processes and procedures into our day to day work. It is something we are very proud of. Among the many requirements are:
- Ensuring password protection of personal data being sent to external parties;
- The enforcement of “complex” passwords for all staff logging in to our systems;
- Clear-desk policy (not easy); and
- The proper disposal of confidential waste.
Now, take a look at Nat West’s recent “Goodbye unfair banking, Hello NatWest” advert. Skip past the tired parents waving goodbye to the unruly young party guests, the elderly couple waving off their raucous rock band neighbours, the father waving away his daughter’s bad-boy boyfriend and the lucky couple waving off the torrential rain on their way to a sunshine holiday. The culmination of the advert is your typical “man in the street” rifling through a number of “tempting” new customer offers that have been sent to him by “other banks” in the post. He pauses for thought, tosses the offer letters in the bin and wanders smiling into a shiny local NatWest branch.
“No. What are you doing?” I think to myself. You’ve just thrown a goldmine of personal information into a public dustbin. Are you mad? Address information on the outside, possibly further personal data on the inside. Take them home, shred them!
Taking my indignation further, I have had a look at NatWest’s Facebook page. Their video page contains a number of helpful hints on “How to avoid a phishing scam”, “Protect your identity” and “Password protection”. Of course, my comments above are not intended to be 100% serious. However, if a leading financial services firm cannot set the right example for data protection, then that gives rise to some concern. “Back to school” for the NatWest advert production team, I say.