Data Protection. Small Business, Big Business – Your Business

Keeping data secure is big news. Whether it is the mobile phone hacking scandal, huge fines for sending sensitive documents to the wrong people or files being lost and stolen, the data protection has an impact on all of our lives.  

The Information Commissioner’s (ICO) website contains the following “Leeds City Council was served a monetary penalty of £95,000, Plymouth City Council £60,000 and Devon County Council £90,000 after separate incidents saw details of child care cases sent to the wrong recipients, while the London Borough of Lewisham was issued a penalty of £70,000 after social work papers were left on a train.” 

Nearly everyone, certainly the vast majority of businesses, who keep records of any clients, suppliers or contacts in an electronic format are likely to be subject to the Data Protection Act. In today’s world, that’s virtually everybody. Emails and laptops smart phones and PCs are all covered by the Data Protection Act (DPA) and there is an obligation to make sure that this data is correctly held, process and managed. 

An unexpected outcome of the Leveson enquiry has been the Information Commissioner’s very robust response seeking to extend his powers. Since July 2010 when the power to fine the data protection act breaches commenced, the ICO has already issued £2.5 million worth of fines. Admittedly the vast majority of these have been against public bodies, but private businesses have also featured.  The number of employees has risen over the years from 200 to 350 – enforcement is clearly on the agenda. 

Section 55 of the DPA makes it a criminal offence to knowingly or recklessly disclose personal data about an individual without their consent unless specific exemptions apply. The proposals from Levenson seek to extend the power of the ICO from fining to potentially jail.

 Now clearly, the likelihood of a fine running into hundreds of thousands of pounds or a jail term for small business is going to be remote. However, it does remain a possibility and certainly the Information Commissioner takes into account the impact on the person whose data has been released as well as the type of data and actions taken to prevent such data loss.  There is also the time and effort it would take to respond to any complaint and on-going investigation which must be borne in mind.

Recently the ICO secured a conviction against a bank worker who had accessed her partner’s ex-wife’s bank records.  She had to pay a £500 fine, costs of £1410.80 and a £15 victim surcharge.  She also now has a criminal record.

Being proactive and managing your data in a responsible way is something that the ICO will look for if any complaint arises, ensuring that all data on electronic devices is securely encrypted and stored must be a starting point.  Encrypting electronic items can be done, but you have to be very careful. Once an item is encrypted, if you forget or lose the password it can be locked for ever. 

The best advice is to be proactive and not reactive. Trying to claw back a situation when personal data has gone missing, or has been inadvertently sent to the wrong person, or even has been stolen when there are no checks and balances in place before harder than if you can demonstrate the ICO that measures were in place and procedures were followed. 

This will be the first in a series of blogs looking at data protection for small business, and looking at practical steps that can be taken to make sure that data protection is a top priority, but that compliance doesn’t end up taking over your life.

Decameron Software offer a free health check and advice about securing your electronic items, the practical pragmatic advice about the best way forward. Call us now or drop us an email to discuss how we can put your mind at ease.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: