Today was the day the ICO got the power to fine companies for data breaches, with the amendments to the Data Protection Act finally coming into force. With the UK somewhat behind some of the EC, this brings us closer in line with the European Commission's E-privacy directive, which the UK signed up to some years ago to uphold the privacy of individuals and specifically personally identifiable data. A lot has been written about this subject, but what does it mean and how does it affect your business?
If your business stores or holds personally identifiable data about individuals, that data is now governed by the Data Protection Act. If your company has personally identifiable data, your company is legally obliged to register with the ICO and appoint one or more Data Controllers within your organisation. It is then that person's responsibility to ensure that all personally identifiable data is stored and distributed in a secure manner. This covers the data stored within the organisation, but the part we get involved in is the 'distribution' of the data to third parties, customers, suppliers, remote offices or remote workers. This data now needs to move by secure, managed file transfer so that you have a complete audit trail of who sent what, to whom and when, plus information on when the data was downloaded and, if possible, where the recipient was when it was downloaded. Simply put, you need to know what's happening with your data at all times!
Why should I go and implement new systems? Who's going to know it was me? Well, you could take this approach, and to be fair a lot of companies will lose data and won't get caught, but would you seriously want to take the risk that the ICO could find out because your data ended up somewhere it's not supposed to be? The consequences are up to 10% of turnover (up to a maximum of £500,000) and public humiliation when the ICO provide their statutory reports on which companies have had breaches. Given that the ICO have been a little slow in getting to this stage, according to the EC, which threatened to fine the ICO at the end of last year, you can expect the ICO to take the opportunity to make a statement to the EC when they get the chance. Personally I'd rather it wasn't my company getting noticed for the wrong reasons – remember TK Maxx?
So what should I do? Well, if you'd like to speak to someone who can give you an independent insight into the best way to move your data securely in any given business scenario, then you should give Pro2col a call, as we'd be pleased to help. If you don't want to do anything, then good luck and keep your fingers crossed, because the ICO are coming!