Data Protection

What is Data Protection?

The Data Protection Act (1998) governs the protection of any personal data held by any organisation, business or government, and how that information is used or shared. It sets out a group of rules that must be followed, called the Data Protection Principles. The Information Commissioner's Office (ICO) enforces the Act: it judges whether organisations are using specific data responsibly, or whether they are being reckless with personal files, for example by selling information.

Customers have data protection rights, including the safekeeping and confidentiality of their personal records. There is even stronger protection for more sensitive personal information, such as ethnic background, political opinions, religious beliefs, health, sexual health and criminal records.

How Does it Affect Your Company?

Different organisations will hold different amounts of personal data; however, it is advisable to audit your personal data regularly and get rid of data that you do not need. The ICO can deem it reckless if you keep old data for too long.

Keeping a large amount of personal data without auditing it can also be problematic for organisations for a number of reasons:

  • Older data may be out of date, causing errors or increasing the risk of passing on false information.
  • It is more difficult to ensure that older documents are correct.
  • It is more difficult to locate personal data if there is too much unnecessary data in store.

It is also advisable to put information that you do not need on a regular basis into storage to ensure its safekeeping. It is not a criminal offence to keep personal data that is used only rarely; however, it is a criminal offence to store it unsafely. It is best to outsource your document storage to free up space and to ensure that it is stored in accordance with Data Protection Act legislation. You should also conduct regular audits to be sure that you are not holding too much data for too long.

If an organisation breaches any of the Data Protection Act’s principles, the Information Commissioner has the right to issue a financial penalty. This applies if the company deliberately breaches any of the principles, or if the company knew (or should have known) that there was a risk of a breach likely to cause substantial damage or distress, but failed to take reasonable steps to prevent it.

The maximum penalty that can be issued is £500,000.

Not complying with the data protection principles is not a criminal offence; however, there are multiple ramifications for being careless with people’s personal data. People may demand compensation for any harm caused; you may need to pay a penalty issued by the ICO; but most of all it is bad publicity and damaging to your brand name.

Data Protection Case Study

Sony Computer Entertainment Europe was fined £250,000 in January 2013. This was a result of the Sony PlayStation system being hacked in 2011, putting personal data such as payment card and login details at risk. The ICO decided that Sony's security system was not strong enough to withstand the hack and that it should have been stronger.

Sony was responsible for keeping all of this information safe from hackers, and therefore received the fine as the ICO said that it could have been avoided. (SRC: BBC News)

About Secure Data Management

At Secure Data MGT we have over 25 years of document storage experience and we offer an auditing and storage service that minimises the risk of Data Protection breaches. We store in access controlled, weather and fire proof centres with 24-hour security and CCTV. On top of this, we help with the auditing of your documents to improve processes and workflow. Get in touch!

What is the Data Protection Act?

The Data Protection Act (DPA) is a United Kingdom Act of Parliament which was passed in 1988. It was developed to control how personal or customer information is used by organisations or government bodies. It protects people and lays down rules about how data about people can be used.

The DPA applies to information or data about living people that is stored on a computer or in an organised paper filing system. Organisations that do not adhere to the rules set out by the DPA risk prosecution by the Information Commissioner’s Office (ICO), where fines can reach up to £500,000 and even imprisonment.

The Data Protection Act was replaced in May 2018 by the General Data Protection Regulation (GDPR).

Why is the Data Protection Act important?

The Data Protection Act is important because it provides guidance and best practice rules for organisations and the government to follow on how to use personal data including:

  1. Regulating the processing of personal data
  2. Protecting the rights of the data subject
  3. Enabling the Data Protection Authority (The ICO) to enforce rules
  4. Holding organisations liable to fines in the event of a breach of the rules

The DPA’s rules are very thorough and cover both the sharing of data and data security. At the heart of it are eight common-sense rules known as the ‘data protection principles’, which all organisations collecting and using personal information are legally required to comply with.

The law provides stronger protection for more sensitive information such as:

  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Health
  • Sexual life
  • Criminal history

How can you successfully meet data regulation standards?

Ensuring you have the right technology, processes and people in place to manage the quality of the data that you hold was a key part of thriving under the DPA (and now the GDPR). Important activities you should consider include:

  1. Regular evaluation of the quality of the data that you hold and continue to collect. Contact data validation and data cleansing are good ways of doing this.
  2. Ensuring you have the right roles and responsibilities set out for managing your data, including the focal point of a Data Protection Officer.
  3. Analysis and profiling of your data to identify any potential gaps or issues before they cause problems.

Reference:

https://www.edq.com/uk/glossary/data-protection-act/
