data protection reminder issued after trader fined
DESCRIPTION
Companies will often generate large quantities of data in their everyday activities, but they will also handle that of their customers – and ensuring it is secure is important for both parties. http://www.storetec.net/news-blog/TRANSCRIPT
Data Protection Reminder Issued After Trader Fined
Facebook.com/storetec
Storetec Services Limited
@StoretecHull www.storetec.net
Companies will often generate large quantities of data in their everyday activities, but they will also handle that of their customers – and ensuring it is secure is important for both parties.
A reminder of the potential consequences of failing to do so was delivered by The Information Commissioner’s Office, after a sole trader was fined £5,000 for non-compliance.
Jala Transport, a loans company based in London, fell into the very obvious trap of storing vital data on a hard drive, which made it vulnerable to loss and theft. Sure enough, when the proprietor of the business stopped his car at the traffic lights on August 3rd 2013, an opportunist thief managed to gain entry into the vehicle and stole a briefcase containing the hard drive – and with it details of the accounts of 250 customers.
Although it was password protected, the data on the drive was not encrypted and details of the names, addresses, ID documents and repayments made by the customers were all accessible to whichever criminals could get their hands on them.
However traumatic the theft may have been for the trader, the fact was the loss of secure data could have been prevented by using offsite backup or using secure document scanning.
This point was made clear by ICO head of enforcement, Stephen Eckersley. Announcing the penalty, he said: "We have continued to warn organisations of all sizes that they must encrypt any personal data stored on portable devices, where the loss of the information could cause clear damage and distress to the customers affected.
"While the circumstances of this case are unfortunate, if the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act.
"The penalty will have a real impact on this business and should act as a warning to all businesses owners that they must take adequate steps to keep customers’ information secure."
Such a loss will certainly be keenly felt by the trader, who also had £3,600 in cash taken during the robbery. Considering the shock the event must have caused and the sense of guilt involved at letting down customers, this will have been a hard lesson learned.
The ICO group manager for technology Simon Rice has stated in his blog that encryption technology is widely available and does provide assurance against the potential loss of data, although users should be aware of "the type of protection a particular encryption product offers and the circumstances under which personal data will be protected from unauthorised or unlawful access."
However, using encryption for data in the office or contained on a laptop may only be half a solution to the problems of maintaining security. True, it might mean that when items like laptops fall into the wrong hands the criminals cannot access the information inside, but it could also mean the data is out of the hands of its owner, so a company may still be left with the problems arising from a loss of information.
For this reason, having the data stored elsewhere is necessary to ensure it remains accessible and secure off-site backup with a secure storage provider may offer the perfect solution.
By doing this, a company will be able to recapture the data it has lost if a hard drive or disc is lost, stolen or damaged beyond repair – such as in a fire. Indeed, off-site backup has the usefulness beyond encryption alone of being able to protect against the loss of data from disaster and mishap as much as outright theft. After all, if a laptop is burned to a crisp in a fire, it will be the data backup that matters rather more than encryption.
Indeed, the latest figures suggest a growing number of firms are turning to data storage as a means of back-up. Recent research by International Data Corporation indicated global storage software returns were up 4.1 per cent in the second quarter of 2013 from the first three months of the year, making this sector worth £2.2 billion.
So while some get fined for losing unencrypted data, others are ensuring their back-up and security is as good as it can be.
Storetec News/Blogs. "http://www.storetec.net/news-blog/data-protection-reminder-issued-after-trader-fined/". Data Protection Reminder Issued After Trader Fined. September
30, 2013. Storetec.