
Firms face £500K data breach fines

The Information Commissioner’s Office (ICO) gains new powers to enforce fines of up to £500,000 on companies that break the Data Protection Act. The level of fine will vary according to the measures taken by the company to prevent a data breach and the nature of the breach itself.

KPMG anticipates that the ICO will quickly look for big-name companies to target with its beefed-up powers and has come up with some suggestions to keep on the right side of the law on data privacy.

Encrypt your data. KPMG points out that failures to encrypt sensitive data, while in decline, cause 20% of all incidents. Organisations should take care to encrypt not just laptops but also desktops.

Check out third parties. KPMG estimated that a third of the 490 million people affected by data losses since 2005 were affected in cases where the loss was caused by a third party, normally a supplier. However, it is the data owner that will be pursued by the regulators, so it’s vital to look beyond simply having a security clause in a contract and actively confirm what that means in practice. If something then goes wrong, the data owners can prove that they did everything in their power to comply with regulations.

Offshore contracts. Offshoring or outsourcing relationships need to be carefully examined, particularly if data is offshored to countries where data value is not so highly prized. Even if there are processes in place, they may still fail because of this mismatch in appreciation of data value which may result in their response to a problem not being as prompt or thorough as the company or regulator would like.

Deal with data loss quickly. If the worst happens, companies are likely to incur higher fines if they don’t recognise the severity of the loss, are tardy about reporting it, don’t conduct a thorough investigation, assess the impact on individuals involved or act quickly to correct the weakness.

Beware the regulator. With its new powers, the ICO will be keen to flex its muscles and demonstrate how seriously it takes data breaches. Companies should ensure they have done all they can to identify and correct problems.

Please contact Save9 on telephone 0845 029999 or email info@save9.com for a complimentary data protection session or to request data sheets on our range of data protection solutions.
