Did you know that if your company does not take appropriate measures to protect documents and other files, including sensitive data on clients, you may be liable to pay hefty fines that can be as much as a quarter of a million pounds?
In 2012 Manchester Police was fined £120,000 for loss of sensitive data on a personal USB stick. The valuable device was unencrypted and had no password protection. It contained details of more than a thousand people with links to serious crime investigations and was stolen from an officer’s home. The USB stick has never been recovered.
Manchester police were issued a substantial monetary fine reflecting the significant failings the force demonstrated.
Last year a law firm spent almost £20,000 on a company to collect and scan hundreds of boxes of documents just to find one piece of client information that contained highly sensitive and confidential data, to avoid being sued for nearly a quarter of a million pounds.
These are just two examples of the consequences of not securing your business's data.
To ensure your business does not fall victim to data loss and subsequent fines, it is important to take document storage seriously.
Avoid the Risks
- Lock filing cabinets and rooms where you keep sensitive data, and only give keys to trusted employees.
- Use paper shredders, and place them in strategic places around your office.
- Encrypt your data.
- Password-protect laptops and mobile devices and keep them locked in cabinets or drawers when not in use.
- Back your precious files up to an external hard drive, rewritable DVD, or on-line “Cloud”.
P4P can also help businesses avoid these risks with our CloudEQMS Document and Quality Management System, which has appropriate measures to protect documents and other files, including sensitive data on your clients, the loss or destruction of which may leave you liable to pay hefty fines.
FAQ About Data Security
How do I know whether the Data Protection Act (DPA) applies to my business?
In general, the DPA applies to all organisations, including self-employed financial advisors and accountants, which hold or use personal data (information) about individuals. This includes information about your staff, your customers or anyone else you have business dealings with.
How am I allowed to use the personal information I hold?
The way you may use the personal information you hold is governed by the eight Data Protection Principles:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate
- Not kept longer than necessary
- Processed in accordance with individuals’ rights
- Kept secure
- Not transferred to countries outside the European Economic Area without adequate protection
I have been contacted by a third party requesting information about a member of staff. What should I do?
Be very careful who you disclose information to. You need to find out exactly who requires the personal data and why. Obtain the consent of the relevant member of staff before any data is disclosed to a third party.
Securing your business’s data is not easy and it takes expertise. However, you can implement very practical and simple solutions, such as the tips above, to ensure that when a hacker sniffs around your computers and mobile devices they will move on to another victim because your infrastructure is not worth the trouble of hacking into.