European Data Protection Day was on 28th January 2008. It is an annual event designed to raise awareness amongst European citizens of personal data protection and of their rights and responsibilities.

Once again this annual event has, at least in the UK, passed us by with little fanfare. In our e-update of this time last year (yes, we did mention it!) we talked of the constant struggle to keep good data protection practices at the forefront of the business mind. Unfortunately, with so many competing demands, such practices appeared to have been pushed to the bottom of an already overstretched pile of 'things to action'.

As we have all grown another year older, we ask "has much changed in a year?"

It is fairly safe to say "NO". Whilst data protection is firmly on the front cover of newspapers and television news channels, it is only as a result of the ever continuing reporting of yet another security breach.

But it's not just government departments that have had the misfortune to 'mislay' a disc or 'lose' a few files; there remains an ever-increasing number of businesses which, through a lack of knowledge of what personal data they process, have put in place inadequate security measures (or, as the case may be, none at all) and find themselves in the position of having to explain to customers and clients why their personal data has gone 'missing'.

Following the recent spate of 'unfortunate' data losses, the UK's Information Commissioner has issued a good practice note "Security of Personal Information". It provides some basic practical advice on how to assess the risks for your business and review what security measures you may need to put in place and is available online.

In releasing his good practice note, the Information Commissioner has warned that where loss of data occurs as a result of inadequate security measures, enforcement action may be taken against you - especially where you have failed to utilise encryption software.

Inevitably, companies who care not only about being compliant with the law but also about the protection of their hard-earned reputations and their loyal customer base will need to make sure that they are fully compliant in their data handling.

One way of doing this is to carry out a Data Protection compliance audit. The audit will examine what processing of personal data occurs in a business and whether that processing is carried out in accordance with data protection legislation. It should also identify any weaknesses an organisation has with regard to the security of the personal data it processes and therefore prevent adverse publicity and loss of consumer confidence.

In the meantime, a belated happy European Data Protection Day!

Disclaimer

The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Recipients should not act on the basis of the information in this e-update without taking appropriate professional advice upon their own particular circumstances.

© MacRoberts 2008