Data Protection is an increasingly grave concern for businesses. For many businesses, their data and information is their livelihood. This can range from a client or contact database through to employee and payroll records, commercially sensitive financial records, and tenders put together as part of frequent bids to win more business. All of these different types of data are sensitive to a business and all are equally deserving of secure protection. In the case of personal data – names, addresses, national insurance numbers, photographs, health information, passwords and log-in information – all of this needs to be stored in a secure and encrypted format to comply with the requirements of the Data Protection Act. Without these safeguards, there is a risk that data could be inadvertently lost through an internal system failure or through a malicious hacking attempt.
If your business uses data or transmits it, there are several issues to be aware of. If you are sending personal data via email, this should be encrypted. There are encryption programs out there that can be used quite easily and at minimal cost. It is a matter of ensuring that you have the right Data Protection Policy in place for your organisation and also that everyone in your organisation knows what personal data is, how important it is and how it should be properly protected.
The risks in handling personal data can be grave. The UK Information Commissioner’s Office (ICO) enforces the Data Protection Act 1998 in the UK. It can fine businesses anything up to £500,000 for breaches of the Data Protection Act. You may read about the frequent data protection breaches that affect the public sector, with the NHS losing medical records, Local Authorities sending data to the wrong recipient or even MI5 operatives leaving highly sensitive and confidential information relating to the Defence of the UK in the back of a cab in the form of an unencrypted USB drive. However, this is not a problem that is peculiar to the Public Sector. The biggest source of Data Protection breaches in the UK in 2012 was none other than one of the leading Mobile Phone operators, an organisation that charges large sums to businesses and individuals but has been fined by the ICO for inadequately protecting its personal data.
The risks can be even greater. For a business, a particular concern is the crushing blow to its reputation that follows a serious Data Protection breach publicised in the local press and radio, which can destroy a business overnight. A reputation that has taken years of painstaking building can be changed very rapidly and the loss of confidence that flows from this can be terminal in the current economic climate. Consequently the need to protect and secure data is more pressing than ever.
We work with our clients to help them when it comes to drafting internal policies and implementing them. We can advise on or deliver training to staff, and we can ensure that policies are used in practice and not just locked into a lever arch file and forgotten about after another death-by-PowerPoint internal training session. Every business is unique and the policies, training and support that we will provide are tailored to your specific needs and aims.
We can advise on:
- Data Protection & Security Policies – both for hardcopy data and online
- Data Protection & Security Training for your organisation
- Identifying areas at risk from data loss
- Implementing security in IT systems
- Data Protection subject access requests
- Data Protection breaches
- Data Protection & The Cloud
- Data Protection and Mobile Devices including smartphones and tablets
- Encryption packages
- Profession-specific Data Protection requirements from a regulatory perspective
Please contact us on 0114 272 1884 to discuss your specific requirements