Where to start with a “Practical approach to Data Protection”

Customer Data Protection

When someone says “data protection”, people’s eyes glaze over. That’s understandable, but the Data Protection Act of 1998 is important not just to businesses but to the public in general.

Don’t worry, this article is not going to go into depth on the Data Protection Act; instead it focuses on what you can do to protect your data.

This is about BIG companies, isn’t it?

No, definitely not. Here are some snippets of recent action taken by the Information Commissioner’s Office:

Lismore Recruitment Limited

A recruitment company has been prosecuted at Ealing Magistrates Court for failing to notify with the ICO. Lismore Recruitment Limited pleaded guilty and was fined £375 and ordered to pay costs of £774.20 and a victim surcharge of £38.

and here’s another:

Parklife Manchester Ltd

The company behind Manchester’s annual festival, the Parklife Weekender, has been fined £70,000 after sending unsolicited marketing text messages.

The text was sent to 70,000 people who had bought tickets to last year’s event, and appeared on the recipients’ mobile phone to have been sent by “Mum”.

Let’s look at the simplest way in which you can protect your data. Education is by far the easiest way to protect data on your computers and therefore in your network. This means taking time to educate the staff and updating them on a regular basis.

So who should be trained?

The best way to demonstrate the importance of data protection is a top-down learning session in which management is trained first, followed by junior management, followed by the staff. In this way it’s obvious to management as well as the staff that data protection is not something that one person does; it is in fact the duty of every employee within a company.

A data breach will affect everybody within the company, not just the person responsible but those ultimately responsible as well.

The training is not lengthy or difficult, but it should be provided by an expert in the field or a company whose expertise is beyond doubt. In-house training on this subject is never recommended, as it is only the outsider who can see the issues.

Information Security Awareness Training

Here’s what should be covered:

  • Provide an easy-to-use, online, 40-minute information security awareness training course that your employees can log on to and learn best information security practices from.
  • Provide best-practice course content covering your compliance requirements.
  • Teach employees, in simple non-technical language, how and why hackers hack.
  • Instruct employees in the best methods of protecting your systems and the sensitive information you process.
  • Explain employees’ inherent responsibilities for protecting your business information and for identifying and reporting suspicious activity.

To supply this information efficiently and effectively, an information security threats and risk assessment should be completed. A good threats and risk assessment should answer the following questions:

  • What do I need to protect and where is it located?
  • What is the value of this information to the business?
  • What are the vulnerabilities associated with the systems processing or storing this information?
  • What are the security threats to the systems and the probability of their occurrence?
  • What would be the damage to the business if this information were compromised?
  • What should be done to minimise and manage the risks?

Answering the questions above is the first and most crucial step in information security risk management. It identifies exactly what your business needs to protect, where it’s located and why you need to protect it, in real cost-impact terms that everyone should understand.

Kwik Fix Plumbers Ltd

The Information Commissioner’s Office (ICO) has fined a marketing company based in London £90,000 for continually making nuisance calls targeting vulnerable victims. In several cases, the calls resulted in elderly people being tricked into paying for boiler insurance they didn’t need.

In plain English, it points out to every employee within the company exactly what their responsibilities are to the data that is within their grasp on an everyday basis. It tells us how to protect it, it tells us why we need to protect it, and it points out the consequences to the business of not doing so.

If you would like to know more about how to protect your data, we have managed to secure a 10% discount on training with one of our partners. To obtain your discount code, visit the hidden page Data Security on our website. Complete the instructions and, when you click submit, the link will appear to download the infographic with the discount code.

Don’t leave Customer Data Protection to chance. Get yourself and your staff trained on Data Protection and avoid the pitfalls. It’s easier than you think.

Steve Richards

Steve has been involved with computers since 1974 and runs Computer Technical Solutions, a consultancy, in North Wales.
