ABC Networking Computer Solutions

Data Protection Act

The Information Commissioner's Office (ICO) has received new powers, which come into force on 6th April 2010, to issue financial penalties of up to £500,000 for serious breaches of the Data Protection Act.

ABC Networking can help businesses ensure compliance and reduce the risk of a data breach. The ICO can issue fines where there has been a serious breach of the Data Protection principles and where that contravention has caused, or is likely to cause, substantial damage or substantial distress.

Many businesses think that they are compliant with the Data Protection Act, but unfortunately this is not always the case. Some recent high-profile examples show that even heavily regulated businesses such as banks still suffer serious data breaches.

The area of the Data Protection Act that most businesses fail on is Principle 7, which states that software encryption technology should be classed as an appropriate security measure given today’s (2010) technological advancements.

Many businesses have already ensured that they are protected by working with ABC Networking to develop processes and procedures to comply with all eight Principles of the Data Protection Act. We can not only assist in the development of the processes but can also deploy technology to ensure compliance, making sure that the data is protected both in motion and at rest.

The ICO has stated that where such losses occur and where encryption software has not been used to protect the data, enforcement action will be pursued.


Personal data within a business falls into two distinct categories:

Client Personal Data – details such as a client's name, date of birth, address and bank details. The nature of the business determines how much client personal data it holds: a financial organisation would have a large volume, while a company that is purely business to business would have very little, if any.

Staff Personal Data – such as personnel files, application forms, interview notes and performance records. All businesses with employees have this type of personal data.

Personal data can be further defined by its sensitivity. Anything deemed sensitive is called Sensitive Personal Data.

Sensitive Personal Data – As the name suggests, this is very personal and sensitive data that contains information about an individual’s physical or mental health, racial or ethnic origin, political opinions, religious and similar beliefs, sexuality, trade union membership and criminal offences (including alleged offences).

Client Sensitive Personal Data would typically be health questions on application forms and medical reports obtained for underwriting or claims.

Staff Sensitive Personal Data would be data such as sickness records.

Your business relies on data; it is the lifeblood of the organisation.

Don’t bankrupt your business because of poor data management.