Open-access content
9th November 2010
Peter Eglinton reviews the new penalties for breaches of the Data Protection Act, and offers FMs advice on the steps they must take to avoid falling foul of the legislation
by Peter Eglinton
11 November 2010
Many businesses, however, have failed to recognise the security implications involved and may be at risk of violating the data privacy regulations introduced by Christopher Graham and his team at the Information Commissioner’s Office.
New standards ensure that organisations in breach of the Data Protection Act 1998 are reprimanded. The legislation includes harsher financial penalties with fines increasing from £5,000 to £500,000 for companies guilty of serious data protection violations.
Physical and digital information
Regardless of size or industry, businesses face a number of challenges in managing both physical and digital information. The volume of data is constantly growing and proper management of business-critical information – to remain compliant – is vital.
FMs face two issues. Some will face an increase in the amount of information they must archive, while others need to assess exactly what they are required to store.
Furthermore, through careful cataloguing, retrieval systems and indexing, FMs must ensure that data in any format can be extracted easily when required.
One size doesn’t fit all
It might be tempting to consider a one-size-fits-all solution that throws a variety of services together simply to keep costs low (though it may not actually provide a thorough service). However, there’s too much at stake just to benefit from ‘favourable’ rates.
It’s key that FMs understand and implement the best possible information management strategies, not just to minimise the risk of data protection breaches but also to use their information as a business asset.
Balancing act
The challenge businesses face is to balance the free flow of information – an absolute necessity in today’s working environment – with regulation designed to restrict it. Companies need to manage their information effectively to ensure they are compliant and that their data is secure. Furthermore, they must ensure that the data is accessible and can be used to benefit the business.
As many as 72 per cent of companies say it’s harder to find information they own than information they don’t (source: The Association for Information and Image Management). For a busy FM balancing practical constraints, such as storage, with compliance with the new legislation, it is vital to know what needs to be stored, where, and the best way to do it.
Never underestimate
FMs must recognise that the risks involved in a data breach goes far beyond the financial implications. Compounding the cost of business recovery is the serious damage to reputation and customer loyalty. The new fines have not only sharpened the focus on data privacy and information management, they have also forced businesses to reassess the extent of the impact that inefficient and non-compliant data management will have across their organisation.
Disposal issues
Companies must ensure that their data management strategies include safe information disposal. A comprehensive policy should outline the procedure for information disposal, whether by physical shredding or digital destruction.
This will be a challenge for FMs as the workforce becomes more mobile. Procedures must be in place to ensure information is securely disposed of as the boundaries between home and workplace are blurred.
The weakest link
Even with all the technical and regulatory controls, the human factor will always be the weakest link, whether the breach is accidental or deliberate. While no data management system is foolproof, companies can take action to minimise these risks as much as possible.
Finally, whatever you do, don’t underestimate the determination of the Information Commissioner. With the new data protection legislation, Graham has sent out a clear message of intent, backed up by hugely increased financial penalties.
Minimising the risk of a data breach in your organisation should not just be a consideration – it must be a priority for the entire business. Getting it wrong, or overlooking anything that could lead to a significant breach, could be nothing short of a disaster under this new order.