Wednesday 24 November 2010

What are my data protection obligations?

We woke this morning to hear that the Information Commissioner (he who supposedly regulates how organisations keep personal data) has finally sunk his teeth into two serious occurrences of data loss: the organisation A4E received a £60k fine for the loss of an unencrypted laptop, and Hertfordshire County Council was fined £100k.

Both fines are significant sums for the organisations involved, so for others handling or processing personal information, be they businesses, employers, councils, banks etc., it's essential that we all understand our own obligations.

The Information Commissioner's website has some useful resources for the small business:

Do you need to register as an organisation processing data?

Failure to notify is a criminal offence by the way. Most smaller businesses who need to register will fall in the £35 per year category.

There is a whole load of other useful info on there about what the public can ask to see, sending data overseas, and perhaps most importantly in view of the above, the security measures your organisation should take.

Some businesses see all this as a bit of a chore, and yes it is another layer of compliance for small businesses. But the reality is we have a responsibility to those our businesses interact with, and if we can't guarantee the safekeeping of their personal information, should we really be in business?
