Small firms warned about data protection risks
Commercial insurance
18th March 2010
Owners and managers of small and medium-sized enterprises (SMEs) in Britain have been warned recently that they could face stiff penalties and fines if they breach data protection legislation.
A study by solutions provider Eclipse Internet discovered that almost two-thirds (62 per cent) of 154 smaller businesses polled are unaware of changes being made to the law governing the guarding of information by data handlers. All companies that handle sensitive, personal or confidential information must ensure they are compliant with the Data Protection Act and acquaint themselves with it.
As the risk of such information being lost or stolen becomes greater with wider use of technology such as mobile and portable devices, it is important that small companies examine their insurance policies to ensure they have guarded against such threats and the action that could be taken against them as a result. Giles Insurance Brokers Ltd. advises speaking to an insurance expert to secure cover that will be suitable in such instances.
This is of particular importance as the Information Commissioner's Office (ICO) is due to receive new powers in April that will enable it to take sterner enforcement action against organisations that breach data protection regulations. Under the plans, the watchdog will be able to impose maximum fines of up to £500,000, a significant increase from a previous maximum limit of £20,000.
SMEs in particular are being urged by Giles Insurance to make themselves fully aware of their responsibilities under the Data Protection Act in order to mitigate the risk of fines or other penalties as a result of breach as much as possible. The study by Eclipse Internet highlighted the lack of awareness about changes to the law that are taking place regarding the protection of information.
According to the ICO, in order for a fine to be imposed against a firm, any incident must be found to have been likely to cause damage or distress and the company to have failed to take reasonable steps to prevent it either through negligence or because it was deliberate.
More than 800 breaches of data security rules were reported to the Information Commissioner over the past two years.
Companies are being urged to ensure they are fully aware of what they need to do in order to comply with regulations regarding the protection of confidential or personal information.
Measures such as encrypting sensitive data and introducing passwords to ensure that only those who need access can see information can significantly reduce the risk of breaches. However, it is also vital that a good insurance policy that covers such incidents is in place in case such safeguards fail.
Giles Insurance is experienced in advising small businesses about their insurance requirements and can provide customers with access to a range of products tailored to their individual needs.
