May 2012

Data Protection – How to avoid a £5000 fine and a Jail sentence

I have recently been asked to present on the importance of securing “Data”. Many people ask why they should secure their data. If you are holding any data, particularly data about other people (i.e. your customers), then I’m afraid it’s a LEGAL requirement as set out by the Information Commissioner’s Office (ICO).

Why comply – it’s a legal requirement
Keeping the information you have about your customers secure will help protect your and their information. It could also protect you against claims for damages.

Good business sense
Sending out a mailing from incorrect or out-of-date records could not only annoy your customers but also waste your time and money.

Good information handling can improve your business’s reputation by increasing customer and employee confidence in you.

The eight data protection principles of good information handling say that personal information must be:

• Fairly and lawfully processed
• Processed for specified purposes
• Adequate, relevant and not excessive
• Accurate and, where necessary, kept up to date
• Not kept for longer than is necessary
• Processed in line with the rights of the individual
• Kept secure
• Not transferred to countries outside the European Economic Area unless the information is adequately protected.

It’s very easy to adhere to these basic principles if you secure your data by:

• Physical Security – Ensure good secure locations for your IT equipment and secure your building.
• Passwords – Long, strong, with uppercase, lowercase, numbers, symbols, etc – e.g. P@5sw0rd instead of password.
• Software Security – Keep your operating system (Windows) and applications patched and up to date.
• Gateway Security – This means Firewall – get a good one to keep the baddies out – I recommend SonicWALL.
• Secure Wireless – Do you need it? If so use strong WPA2 encryption, hide the SSID, lock it down.
• Email Compliance – Filter and check emails – ensure no-one is sending out secure information.
• Restrict Access & Information – Limit people’s access to information – if they can’t see it they can’t leak it!
• Backup & Restore – Ensure you securely back your data up regularly and you can recover it – don’t leave your backups in an unsecured location!
• Encryption – If you have a laptop it’s highly stealable and you’re also likely to leave it on a train by mistake (this happens to Government and the public sector all the time), so encrypt it!

And after all this, if you are in doubt, speak to some experts.
