REGULAR CHECK-UPS ADVISED AS TOP DATA PROTECTION PRIORITY
While announcing data protection guidelines for small and medium-sized businesses (SMBs), the UK’s Information Commissioner’s Office (ICO) has also recommended that charities undertake a data protection check-up, as they handle sensitive information, such as individuals' medical details, which are more susceptible to a serious data breach.
Louise Byers, Head of Good Practice at the ICO, said: ‘We are aware that charities are often handling extremely sensitive information relating to the health and wellbeing of vulnerable people. With these organisations often lacking the money to employ dedicated information governance staff, there's a danger that many charities may struggle to look after people's data. We are now calling on these organisations to use the summer period to check that their data protection practices are adequate and get in touch before it is too late.’
Sam Younger, Chief Executive of the Charity Commission, stated: ‘Trustees are responsible for ensuring their charity complies with relevant legislation – including the Data Protection Act – and for protecting their charity's reputation. Mishandling sensitive data not only causes individuals serious distress, it can also damage the good name of your charity. So I encourage trustees of charities that handle sensitive data to take note of the ICO's guidance and consider taking part in an ICO advisory visit.’
The ICO’s new guidelines for SMBs recommend that organisations train staff in data protection, use encryption on portable devices and only keep people's information for as long as necessary.
The ICO’s top five Data Handling tips are:
Part of any good security policy is to establish a comprehensive understanding of where critical information is stored on network resources. Data discovery is an essential data protection component that gives organisations the visibility required to identify obscured risks associated with unsecured, unstructured and sensitive information. Through regular data auditing, organisations can identify unsecured information or breaches in information protection policies, enabling appropriate proactive responses.
Ongoing identification, monitoring and securing of sensitive corporate data, as well as client information such as personal data, is essential. Implementing appropriate security measures that protect the confidentiality, integrity and value of that sensitive data, including the control of legacy information, is vital to ensuring the validity of any information security strategy.
Article Source: SC Magazine
Author: Kieran Caulfield, Sales Director, PixAlert - 21 August 2012