
Secure File Transfer Standards – Are you Compliant?

November 25th, 2009

With the sheer abundance of security standards, laws and legislation in our society nowadays, it’s really easy to get overwhelmed. Although these are necessary measures to safeguard individuals’ confidential information and protect your business against prosecution, it can be difficult to fathom which laws apply to your organisation.

To complicate matters further, legislation varies between continents and, in the US, even between states! As a result, we have put together a succinct guide detailing some of the most high-profile legislation governing the US and UK in terms of secure file transfer, including some standards that are recognised internationally. These include acts such as The Health Insurance Portability Act (HIPAA), Sarbanes-Oxley (SOX), Gramm-Leach-Bliley and The Data Protection Act, as well as industry standards like FIPS and ISO 27001.

Unfortunately it doesn’t end there.  Once an organisation has established which legislation applies to their business, they then have to make sure that their systems and procedures are actually compliant!  Thankfully, accompanying the majority of legislation is compliance testing – a sure-fire way to guarantee investment in technology and solutions that meet the secure file transfer requirements stipulated by government.

If you would like to discuss security compliance in terms of secure file transfer solutions, don’t hesitate to get in touch – we are happy to provide advice and support.

ICO gets new powers to address data protection negligence

November 13th, 2009

Announced earlier this week by the Ministry of Justice, amendments have been made to the Data Protection Act of 1988 that, when passed in April 2010, will allow the ICO to impose fines of up to £500,000 on organisations found to be negligent regarding the privacy of personal data.

Justice Minister, Michael Wills, said: “We want to ensure that the Information Commissioner’s Office has the powers it needs and is able to impose robust penalties on those who commit serious breaches of data protection principles.”

To be subject to the fine there are certain criteria to be met, but the one that should make existing Data Controllers sit up and take notice is:

If the data controller knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial damage or substantial distress, but failed to take reasonable steps to prevent the contravention.

If you’re a Data Controller responsible for your company’s data security, how does this announcement make you feel? If you’d like a no-obligation discussion regarding your data security requirements, contact Pro2col today on 0333 123 1240.


UK businesses under increasing pressure to step up data privacy after EC statement

November 5th, 2009

The European Commission (EC) has publicly stated that the UK Government is not adequately enforcing European data privacy laws and is ready to clamp down on them in 2 months’ time.

As reported on the infosecurity web site and backed up by our recent discussions with the ICO, next year is likely to be the year in which enterprises feel the full force of European legislation regarding the privacy of data. Enterprises will be under increasing pressure to ensure that every step is taken to secure data both at rest (internally) and in transit (e.g. securing file transfers).

The powers at the disposal of the ICO are also being addressed, with individuals responsible for data security breaches potentially being liable for custodial sentences.

Read more: European Commission warns UK over privacy legislation