The sixty-four pound data protection question

As milestones go, this is not one that many in the data industry will want to celebrate – the 1,000th data breach being notified to the Information Commissioner’s Office.

Number 1,007 was notched up just as the organisation responsible for the single biggest data loss yet – HM Revenue and Customs – was getting it wrong again by accidentally sharing personal and financial data between neighbours. While its first loss of two disks holding 25 million records and the recent printing of the wrong people’s information in tax credit mailouts were both examples of cocking up, they also serve to underline that we are a long way from treating data as a valuable asset. How would an organisation feel if it had accidentally inserted £64 every one of hundreds of mailings?

Yet that is what the Ponemon Institute currently estimates that a data loss or data security breach costs to rectify on average. So there is clearly a gap between the good intentions and best practice being spoken about and claimed at the top of UK plc and the perception of data’s importance lower down the chain.

After all, physical mailings are seen by multiple workers during the production process, with spot checking of quality standard practice in most printers. Yet nobody seems to have picked up that the information on Mrs Smith had been merged into a letter to Mr Jones.

What is worrying is that the driver of that oversight is one that is likely to increase and therefore lead to more such problems – cost reduction. Government departments and agencies are obliged to use the lowest cost suppliers they can find. Commercial organisations are following suit to keep their own overheads down.

Those rock bottom prices can only be achieved if you cut out elements of the process that look nice-to-have, rather than must-have. Checking data quality and merge-purge processes looks like an optional extra and since it involves labour time, represents what looks like a cost that can be cut.

Much of what ought to be done around data protection and data security is currently viewed the same way. Instead of seeing the business case from the perspective of risk reduction and compliance, data management can end up looking like an overhead built in when times were bad.

It might cost £64 to rectify every data loss. But that is only a theoretical cost and a risk that lies somewhere in the future. The way most companies look at it is that, if it is costing 0.64p to double check data security and processing, why not cut out that expense? Let’s hope they do not end up paying the price.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email

If you are looking for our Jobs site, please click here