Additional powers highlight importance of data protection
Commercial insurance
30th July 2010
The importance of good data protection systems is more vital than ever since the Information Commissioner's Officer (ICO) was granted additional powers in April this year. The maximum amount the watchdog can now fine companies and organisations for the worst breaches of legislation rose from £20,000 to half a million pounds, emphasising the importance of good information security systems.
Small and medium-sized enterprises (SMEs) can implement safeguards to ensure that any information held on staff, customers and clients is carefully protected, as breaches of the Data Protection Act can prove costly and complex to address.
In addition, the ICO recently revealed it has been working harder than ever, receiving record numbers of reports about violations of the Data Protection Act and taking action against more bodies failing to adequately guard information in their care.
A recent international study carried out in 17 countries discovered that human error is to blame for around 40 per cent of all data loss incidents, something which may be of particular interest to SMEs trying to improve their systems.
The poll by Kroll Ontrack discovered that more respondents believe the cause of most information handling problems to be manmade than consider software or hardware failures to be to blame. Therefore, companies are advised to put strict data policies in place to guard against breaches of the law, in addition to assessing their systems for any potential risks.
A further method of guarding details held on individuals by firms is to implement a business continuity strategy, which will protect networks in the event of a disaster or a disruptive event. This is particularly important as the Kroll Ontrack study discovered natural disasters are the cause of a growing number of information security breaches, rising from two per cent in 2005 to three per cent this year.
Companies of all sizes should check that they are encrypting sensitive information and implementing policies regarding the use of mobile devices such as smartphones and laptop computers.
Meanwhile, with greater chances of action being taken in the case of breaches and higher penalties, insurance documents should be carefully checked and action taken, if required, to put all possible protections in place, including speaking to an expert broker.
Penalties tend to be less severe if companies voluntarily report incidents to the ICO, which has witnessed a 30 per cent rise in the number of data protection issues it handles each year during 2009-10. And the information commissioner, Christopher Graham, warned that the agency has made a series of organisational changes to ensure it can take more effective enforcement action.
By focusing on data quality and protection issues, companies can both enhance their operations and guard against the risk of violating information legislation. Implementing effective procedures when it comes to handling details relating to customers, clients and members of staff can also help to enhance confidence in a business.
