What can you do? We reported the apology by IT contractor Serco for the loss of one of the firm's laptops, which contained personal and bank details on more than 16,000 Worcestershire county council staff.
A joint investigation by Serco and the council found that “an employee of Serco, whilst wholeheartedly committed to the task in hand, allowed sensitive data to be inappropriately stored, contrary to Worcestershire county council and Serco’s expectations”.
Wholeheartedly committed... it sounds like some poor contractor, busting a gut to finish off a major project, took their work - and the council’s payroll data - home, with pretty grim consequences. But how do you encourage initiative and commitment without making such compliance blunders?
What would you rather have, a nine-to-five team or a team who cared enough about their project that they put in the hours necessary to get the job done? Once you’ve got the commitment, how do you prevent unexpected consequences?
A starting point might be to talk less about compliance and more about business integrity. Compliance carries with it undertones of obeying arbitrary rules. Selling compliance projects as a way of gaining competitive advantage is a fine in the City, but elsewhere the issue is too often seen as a chore. Changing language is not the whole answer but it can help.