In an interview with Tufin Technologies at InfoSecurity Europe, Christopher Graham warns that organisations that play loose with customer data will face not only his wrath but also that of the customer

Tufin Technologies, the leading provider of Security Policy Management, today published an interview it conducted with the UK Information Commissioner, Christopher Graham, during London's Infosecurity Europe last month. In it, the thorny subject of compliance is discussed, with Mr Graham revealing he believes compliance is not just about preventing data loss but also about demonstrating respect for customers. He argues that, if you don't care about your customers, you're going to lose business very fast.

Talking to Michael Hamelin, Chief Security Architect for Tufin, Mr Graham warns, "If you don't show respect, then you're going to trash your brand very quickly and there's a whole range of regulators out there to get you. Here in the UK I can levy penalties of up to £500K if you get things spectacularly wrong. I'm not suggesting it's the first concern, but it should make the CEO sit up and take notice."

A key theme of the discussion is that the information organisations hold is very valuable to them, but it shouldn't be forgotten that it's also very valuable to the individuals who have given it. Business logic dictates that data is to be exploited; however, this also means protecting it. Mr Graham adds, "The customer is getting quite savvy about this and they'll work out who respects them and who doesn't. If you're one of the ones that doesn't respect your customers, you'll lose them."

Looking at the task of protecting data and compliance with legislation, Mr Graham advises, "This isn't about just ticking boxes. It's about making sure that your systems work, day in day out. There's no good saying that you had the audit a year ago and passed, so that's fine - that's ticking the box. I'm talking about eternal vigilance. Things can go wrong, and things do go wrong because of the human factor, unless you take things seriously. It's a daily task."

Both Mr Graham and Mr Hamelin agree that Continuous Compliance is the key. Even a few minutes after an audit, if a change is made, it could mean systems are no longer compliant. Organisations need to look at their position every day, and also make sure that every change remains within the guidelines of staying compliant and ultimately respecting the customer. Michael Hamelin adds, "In a survey conducted from our booth during InfoSecurity Europe last month amongst IT professionals, we discovered that only six percent had implemented Continuous Compliance in response to the EU directive with a further 39% considering it. In my opinion, while this is obviously encouraging, it still isn't enough."

So, be warned: the ICO is watching, and Mr Graham forewarns, "If what you do involves people's personal information, and you play fast and loose with it, you will not be forgiven."

To watch the full video visit http://youtu.be/D2rj2FPgwSQ.