We reported in an earlier e-update that, following the recent spate of 'unfortunate' data losses, the UK's Information Commissioner had issued a good practice note, "Security of Personal Information". In it he provides some basic practical advice on how to assess the risks for your business and review what security measures you may need to put in place. At the same time the Information Commissioner warned that where loss of data occurs as a result of inadequate security measures, enforcement action may be taken against the offender.

Inevitably, companies that care not only about being compliant with the law but also about the protection of their hard-earned reputations and their loyal customer base will need to make sure that they are fully compliant in their data handling.

Unfortunately, some sections of the business community (or, to be more precise, government) have failed miserably in their recent attempts to 'beef up' security. One such failure is that of the Department for Work and Pensions, which has recently been reported as failing to meet its own security rules. Apparently, in this latest slip-up, staff complied with security procedures by sending discs containing sensitive information separately from the passwords. Unfortunately, when the staff who had received these items separately needed to pass them on elsewhere, they sent the discs and, yes, the passwords together!

Once again the actions of the DWP demonstrate that good security practices have to be followed through from the top to the bottom, and that there is a need to regularly remind all staff, whether they are working internally across departments or working with external companies, of the need to keep data secure and prevent data security breaches. Prevention is always better than the cure!

One way of doing this is to carry out a Data Protection compliance audit. The audit will examine what processing of personal data occurs in a business and whether that processing is carried out in accordance with data protection legislation. It should also identify any weaknesses an organisation has with regard to the security of the personal data it processes and therefore prevent adverse publicity and loss of consumer confidence.

Disclaimer

The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Recipients should not act on the basis of the information in this e-update without taking appropriate professional advice upon their own particular circumstances.

© MacRoberts 2008