The seventh principle of the Data Protection Act is: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data" (Lose data and you go to jail).

IT professionals are already finding it tough to implement and maintain IT solutions to address evolving data security threats.

Vital projects are frequently competing for IT budget and resources.

In my experience, organisational measures - such as the effective communication of policies and procedures and training of employees - have a greater potential to  affect people's behaviour.

Therefore, better habits are acquired and risks truly minimised. Automated solutions which ensure the timely distribution of new and   revised policies and procedures, so that they are read, accepted and proved to be understood, make policy compliance affordable for all organisations, however large and dispersed its workforce.

It is high time that all departments within every organisation recognise  that data security is a
shared responsibility, which demands a collective  response and, dare I say, shared budget.

In this way, simple yet effective cross-function interventions are less likely to be overlooked, as large IT project rollouts take precedence.

Dominic Saunders