<em>5 July 2004</em> One quarter of HR and IT managers in UK businesses do not know who is responsible for training staff on confidential data protection, according to a new survey.

The survey, commissioned by web and email filtering company Surfcontrol, questioned over 400 senior IT and HR professionals in the UK. It highlighted a worrying lack of co-operation and understanding between HR and IT departments over who is responsible for training on confidential information management – despite the fact that 91% of respondents admitted to regularly sending and receiving confidential information by email.

In fact, 46% of senior HR executives questioned said the training of staff on the dangers of distributing confidential information rests with the IT department. However, only 38% of senior IT decision makers were in agreement, and 24% believed the HR department is responsible for the training.

"The survey shows us how different departments are deflecting ownership of training issues," said Martino Corbelli, director of marketing for Surfcontrol. "Traditionally HR has been responsible for policies and the implementation of training courses, whereas the IT department is responsible for networking and system advice. Why aren't both departments working together to address the security risks connected with leaked confidential data?"

Staff do not appreciate the risks in the same context as senior management, he adds, and this is where training on the issues and implications of sending a confidential email is seriously needed.