Jack Straw, the secretary of state for justice, has ruled that the Information Commissioner’s Office (ICO) has the power to levy fines of up to £500,000 on organisations which seriously breach the Data Protection Act.
The root of the problem lies with the ingenuity and adaptability of the criminal fraternity. Identity theft and fraud has become one of the fastest growing areas of crime, increasing by a phenomenal 36% last year. To give an indication of the scale of the problem, the losses are equivalent to £631 a year, for every household in Britain.
It means that anyone handling personal details, credit card information, addresses, bank account details, etc, for another party is bound by law to protect this data. In the electronic age, when such information can be circulated around the planet in a microsecond, the risk is constant.
Confidential data crime
Recent cases of employees stealing data from employers’ confidential files and cases of confidential data being left in the street only serve to exacerbate fears. The prime reason for the exponential growth in the crime is the casual way many of us have customarily dealt with potentially damaging data.
We leave files lying around on our desks, slip them into unlocked filing cabinets and we take old or unserviceable PCs, laptops and discs to the dump, with the hard drive and memory bulging with confidential data.
In short, the nature of business means dealing with confidential data, relating to bank accounts, mortgages and savings. We absolutely must review and, if necessary, revise the way we deal with this risk.
The clear answer is to change our working practices to make life as difficult as possible for the criminally inclined, or those tempted by the ease of access to other people’s money. All current documents containing sensitive information should be kept under lock and key when not in direct use.
Store rooms should be accessible only to the most trusted staff. Think about where or when a customer, dishonest employee, temporary worker, cleaner or occasional maintenance tradesman could access written or electronic data. Then act to remove that possibility.
When a business is threatened with a penalty, the Information Commissioner will take its turnover, sector, size and the data breach into account before considering a fine. This will be determined by:
- Carefully considering the circumstances, including the seriousness of the data breach
- The likelihood of substantial damage and distress to individuals
- Whether the breach was deliberate or negligent and what reasonable steps the organisation has taken to prevent breaches
These heavy fines are a warning to all organisations to destroy their confidential data securely and are part of the ICO’s overall regulatory toolkit. The ICO is not afraid to use it. The answer is to monitor and control the use and flow of data much more carefully, take extra security precautions and, perhaps most importantly, take some expert advice about disposal of your printed matter, IT equipment and data stored on all manner of tapes, discs, microchips and USB sticks.
Destroying the evidence
These materials can now be destroyed highly effectively and efficiently. Perhaps equally important, these materials can be recycled too, so organisations can fulfil their environmental obligations while protecting themselves from prosecution and their clients and stakeholders from risk. Every business has a responsibility to shred its confidential documents and electronic data. Confidential data in the wrong hands can end in theft, a fine or the downfall of a business.