Data Protection is becoming more and more important in a world that finds us living more and more of our lives via an electronic medium, but what exactly can businesses do to ensure that the personal details they hold on us are safe?
In 1998 an Act of Parliament defined UK law on the processing of data on identifiable living people. Although the Data Protection Act 1998 doesn’t actually mention privacy, it was enacted to bring UK law into line with the EU Data Protection Directive of 1995, which requires all Member States to protect people’s fundamental rights and freedoms, particularly their right to privacy with respect to the handling and processing of personal data.
Below are some tips for keeping the data you hold safe and complying with the Data Protection Act 1998. Many of them are common sense; however, to completely protect yourself you may wish to go on a specialist Data Protection Course to ensure that you don’t fall through any loopholes.
Although computers are by no means the only way to hold personal data, they are probably one of the most common places you will find yourself storing it. So how do you protect it?
- The most obvious way you can start to protect any data you hold is to install a reputable anti-virus, anti-malware, and firewall program on your PC.
- Set the operating system you use to receive automatic updates so that any security vulnerabilities are patched quickly.
- Download any patches or security updates for the software you use on your computer, particularly software that is used to store data.
- Only allow staff access to the information they need to do their job, and ensure that they all have and use their own passwords so you can track who has accessed the data.
- Encrypt any personal information you hold electronically, especially anything that could cause damage or distress if lost or stolen.
- Take regular back-ups of any information held on your computer system and keep them in a separate place, so that if you lose the computer to thieves or damage, you don’t lose the data.
- When replacing your PC, make sure you securely remove all personal information, either by using a specialist program or by physically destroying the hard disk.
- Reputable anti-spyware is also advisable. Spyware is often accidentally downloaded along with other files, sometimes just by visiting a webpage. These programs are designed to secretly monitor your actions on a computer and can capture and pass on passwords, bank and card details. Anti-spyware software will help protect you from these potential threats.
An extension of the above tips is security when using email. These tips include:
- Re-read your email before sending and consider whether its content should be sent encrypted or password protected.
- Make sure that you are sending the email to the right person. Many email clients try to be “helpful” and suggest email addresses; if you email several people with similar names, the auto-complete function may bring up the wrong address.
- If you are sending an email to a large group of people but don’t want to share their email addresses with other people, make sure you select bcc rather than cc. If you use cc, everyone who receives the email will see all the addresses it was sent to.
- Some email clients allow you to make groups of contacts. If you are sending to a group, ensure that everyone in the group is someone you want to receive the email.
- If you are sending particularly sensitive information, you may want to check how secure your recipient’s arrangements are before you send it. Even emails that are sent from secure servers are a threat if they are going to an insecure recipient.
Faxes are becoming less popular as they are superseded by more modern forms of communication, but there are still businesses that use them. If your company is one of them, you should read the following advice:
- Consider if the information you are sending would be better sent by another means, for instance courier or secure email.
- Make sure you only send the information that is requested. For instance, if you are asked by a solicitor to forward a statement, only send the statement specifically asked for, not all the statements on the file.
- Double check the fax number you are using. It may be worth keeping a directory of previously verified fax numbers.
- Check you are sending the fax to a recipient with adequate security measures in place. It shouldn’t be sent to a fax in an office where anyone has access to view the fax coming in.
- If the fax contains sensitive information, call the recipient and ensure they are at the fax machine and ready to receive the document, and that there is enough paper in the machine for the whole document.
- When the document has been sent, it is worth phoning or emailing the recipient to ensure that the fax has been received.
- Use a cover sheet so that it is clear who the information is for, and whether it is confidential or sensitive, without the person collecting the fax having to read the contents to find out.
Other business Data Protection tips:
It isn’t just electronically stored or distributed data that is covered by the Data Protection Act; it also details what should be done with paper-based data.
- Ensure that all sensitive data is stored securely, ideally under lock and key at all times.
- Check the physical security of your premises to ensure they are secure.
- Spend some time training your staff:
  - Make sure they know what is expected of them.
  - Make them aware that people may try to trick them into giving away details that shouldn’t be disclosed, and show them how to combat this.
  - Make it clear that they could be prosecuted if they deliberately give out personal data without prior permission.
  - Teach them to use strong passwords: passwords of at least 10 characters that are a combination of upper and lower case letters, numbers and even special characters like asterisks or currency symbols.
  - Teach them never to send offensive emails about anyone, their private lives, or anything else that could bring your business into disrepute.
  - Teach them to recognise fake emails that claim to be from official sources and ask for personal data.
  - Teach them never to open or respond to spam, even to “unsubscribe”, as this will confirm the email address. Ensure they delete it, or install spam filters so that the spam is less likely to get through.
If you would like more information on this, you can get some great advice from other sources, including the government’s “10 steps to cyber security”, the government and business sponsored website “getsafeonline.org”, or the ICO, who have many useful guides and articles on the subject of Data Protection.