data protection

A Small Business Guide to Data Protection Compliance

The law requires personal data to be collected and used in such a way that individuals’ personal details are protected. To comply with the Data Protection Act 1998 (the Act) a business must follow the eight data protection principles when handling personal data. When your business handles personal information the principles require the data to be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not ex... »

Data Protection Good Practice

Security of personal information

This good practice article aims to alert small and medium sized organisations to the security measures they should have in place to protect the personal information they hold. The Data Protection Act 1998 requires all organisations to have appropriate security to protect personal information against unlawful or unauthorised use or disclosure, and accidental loss, destruction or damage. It is not intended, and cannot be, a comprehensive guide to all aspects of security in all circumstances and for all organisations. The British Standards Institute (BSI) has an information assurance standard that can be tailored to individual circumstances. The Department for Business, Innovation and Skills (BIS) have also produced guides and checklists which will help you to... »

Data Explosion Leaves Companies Exposed to New Legal Risks

Advances in technology, changes in employee ways of working and vast increases in data storage capacity are leaving companies open to a new era of governance and legal risks, says PwC in a new report published today. The Future of E-disclosure 2020 shows how courts and regulators are becoming increasingly intolerant of inadequate or incomplete document disclosure and how many companies’ information, storage and retrieval capabilities no longer cut it in a world where corporate data volumes grow upwards of 40% a year. Tom Lewis, partner and leader of PwC’s forensic technology solutions, says: “Companies are generally good at creating and storing data but struggle to catalogue and retrieve it effectively. With employees increasingly being able to store information in perpetuity for lit... »

Firms Face Fines for Losing Data

Small businesses could be fined up to half a million pounds if they lose confidential customer or employee information, under new penalties introduced by the Information Commissioner’s Office (ICO). The new maximum penalty for businesses guilty of a serious data breach is 100 times greater than the one it replaces. Previously, the ICO had the power to fine just £5,000 for serious breaches of the Data Protection Act (DPA). Announcing the increased fines, the Information Commissioner, Christopher Graham, said: “I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.” A serious breach of the DPA has been defined by the ICO as one that was “likely to cause damage or distress” and was “... »

Wireless Internet

Small firms fail to secure Wi-Fi access

More than half of small firms are unable to tell who is accessing their wireless internet (Wi-Fi) network. Research from network security firm Napera found that 57% of small and medium-sized enterprises (SMEs) do not know who is accessing their network, while 20% allow guests to plug into their network without checking the security of their computers. Napera Networks EMEA vice-president Pierre Blom said: “By failing to enforce security, SMEs leave themselves open to attacks, which could see their networks or data compromised. It’s critical that organisations of all sizes protect themselves from any potential threats which could cost them millions.” “All businesses should have policies in place to identify and control who and what are accessing the networ... »

Workplaces lax on Data Protection

Security-lax employers are leaving staff exposed to identity fraud by failing to protect their personal data at work, according to marketing firm CPP. A CPP survey of more than 1,000 UK employees found that 60% have been put at risk of fraud because of their employer’s poor data security policies. The research revealed that despite recent high-profile data losses by business and government, employers are still failing to shred sensitive documents and personal information, with some even placing this data on websites. CPP identity fraud expert Danny Harrison said the results were surprising, given that employers have a legal responsibility to protect their staff under the Data Protection Act. “Businesses could be at risk of hefty fines if they don’t comply, and... »

SMEs Warned to Watch Out for Data Protection Scam

The Forum of Private Business (FPB) has warned small firms to make sure they don’t fall foul of a scam in which bogus government agencies send notices to businesses demanding they register under the Data Protection Act (DPA). According to the Information Commissioner’s Office (ICO), more than 200 businesses a month are falling victim to fake data protection agencies masquerading as government bodies. The conmen typically send out official-looking letters, containing threatening language, requesting businesses pay between £95 and £135 to register under the DPA. “If firms receive a letter out of the blue, demanding more than £35 to notify under the DPA this will be a scam,” said FPB spokesman Phil McCabe. “Our simple message is to throw the let... »

Data Protection Act: How to comply with the law

‘Data protection’ can be an intimidating phrase for a start-up or small business owner like you; for many, it conjures up images of blinking data banks, difficult-to-understand legislation and expensive litigation. There is also a common misconception amongst business owners that the law only applies to large corporations, digital businesses, or companies that use customer information as a commodity, such as marketing firms. This is not the case – the Data Protection Act applies to virtually every business, including sole traders. Any customer information you handle – including names, addresses, photographs, card details and phone numbers – will be subject to the law on data protection. It is vital you understand the law, as failing to obey data protection regulations can lead to a fine of... »