Pharma industry failing to report data breaches

A recent Crown Records Management (CRM) survey of 408 IT decision-makers within the pharmaceutical industry, conducted by Censuswide, suggested that almost a quarter are failing to report data breaches. This is worrying considering the volume of personal data that pharmaceutical companies hold.

Key findings:

  • 15% are unaware of who to report a breach to.
  • 23% know someone within their company who has failed to report a breach.
  • 23% have failed to report a breach to senior management or to the relevant authorities.

Dominic Johnstone, head of information management at CRM, said:

Whilst the pharmaceutical sector is doing better than most when it comes to understanding what entails a data breach, there is still a long way to go. The frequency of data breaches that go unreported is especially worrying in a sector such as pharma, which handles large quantities of sensitive data.

He continued:

Some of these statistics really are shocking and suggest that data breaches may be far more common and more widespread than many people realise. These results also indicate a culture inside many companies that the best response to a breach is to ignore it or keep it quiet.

It is vital that organisations have a clear process in place for when data breaches occur and, more importantly, employees need to be aware of it. Unreported data breaches could incur fines and could also result in reputational damage among customers and stakeholders.

When the EU General Data Protection Regulation (GDPR) comes into force next year, one of its requirements will be that personal data breaches that risk people’s rights and freedoms are reported within 72 hours of being discovered.

Read more on how to take the first steps towards GDPR compliance.

IT Governance has all the resources you need to comply with the GDPR, including those for raising staff awareness.

A key component of any organisation’s GDPR compliance framework is staff awareness and education. With the Regulation stipulating significant fines for non-compliance, it is essential that your staff have an understanding of the new Regulation’s requirements.

Are your staff aware of the GDPR?

The GDPR Staff Awareness E-learning Course is a quick, affordable and effective means of delivering training to multiple learners. The course is suitable for all employees whose job involves processing and storing personal data and also for non-technical staff.

Make sure your organisation is fully GDPR-compliant by enrolling your staff on the GDPR Staff Awareness E-learning Course.