Yesterday was international data privacy day and a report released to coincide with the campaign shows the need for best practices when it comes to digital data records.

The research, from Iron Mountain, found that 77% of companies have no established policies that cover electronic data records, even though the vast majority have them for physical databases.

This is an appalling indictment of the state of corporate data protection, but given the rash of regular news reports on firms leaking data, it is perhaps understandable.

Whilst understandable, the faux pas that a company has failed to protect its data effectively is still unacceptable, both from a regulatory and legal approach.

And that is before we get in to the morality of allowing your company’s customer information to leak, and potentially be misused by the criminal community.

The message of – ‘thanks for buying from us, now we’ve leaked your data and it could cost you dearly’ – is a pretty awful one, and one that will turn off customers from companies on a major scale.

The reputational damage, although not often reported on, is one that can really hit home on companies with a poor approach to encryption and data security generally.

The good news is that researchers found that those firms with the strongest records management practices employed the most formal programmes governed by multi-disciplinary teams across the organization.

Those firms that take a serious attitude towards encryption to protect data on the move are the most responsible when it comes to security policies. And those that don’t take a serious approach to the issue also tend to get hit by legal action and regulatory fines. But that’s another story entirely.