by Martin Veitch

Website takes aim at information risk

Opinion
May 17, 2010
Security Software

Given all the fuss about data theft, breaches, cracking, corporate governance and malfeasance, new rules and regs, financial reporting transparency, cloud computing concerns, Facebook profiles and ‘smoking gun’ email messages – and that’s just the first round of buzzword bingo, folks  —  it was about time that somebody built a credible website all about information risk management. And here, perhaps, it is.

Inforiskawareness.co.ukis a new portal that aims to provide a heartland for Brits and European end-user organisations interested in the risk factors inherent in publishing electronic information from legal hold, e-discovery and e-disclosure to the latest ‘new’ world of offshoring and hosted data. News, blogs, whitepapers and more are promised although the site is at an early stage right now.

It’s backed by a bunch that you might expect to want you to be keen on learning more, including search and discovery firm Recommind, legal eagles Field Fisher Waterhouse, risk management software and services groups IntApp and Exterro, specialist publication Legal Technology Insider, lobbyist the e-Disclosure Information Project and domain expert group Risk Roundtable.

At a launch event, Recommind VP Craig Carpenter was refreshingly honest about the potential upside for his company but said there was plenty of need for such a forum, citing recent news-making incidents involving the BP oil spill, Goldman Sachs financial instruments probe and Toyota car recall. Information risk is “overlooked regularly by the largest of firms”, he argued, leaving them open to possible issues further down the line.

It’s certainly true that a lot of companies don’t have a head of information risk management or a fixed policy or process to be followed, although many more have risk committees led by CIOs, general counsel, PR bosses or executives. Of course, the stick to take this stuff seriously and apply formal rigour can only come from high-profile cases where loss (or other exposure) of sensitive information subjects organisations to risk of financial loss — or loss of face.

Chris Dale of the e-Disclosure Information Project said, “The UK perception [of e-disclosure] is that this is something the Americans do, it’s very expensive and we don’t want anything to do with it”. But Dale added that moves are afoot in the legal sector — including guidance for judges —  that could make local attitudes towards information risk far more of a serious issue.

To chime with the website launch, Recommind published a poll of UK CIOs and IT directors on attitudes to information risk. Data breaches and fraud were seen as by far the biggest risk factor (91 per cent of respondents), followed by compliance/regulatory investigations (44 per cent), Web 2.0/social media (35 per cent) and new technologies/Cloud (24 per cent).