Law Management Blog

Just another Blog for Lawyers

Data Protection frailties costing UK businesses

leave a comment »

Companies’ inability to safely retain personal information has been a focal point of recent studies and legislations, pinpointing the blame squarely on the shoulders of lapse management practices.

Technology integration firm, Novell, published its Threat Assessment survey in October this year, detailing the worrying situation for businesses responsible for personal information, while the government is launching increased fines for those companies with loose seams.

Notable results from the survey show that 71% of companies do not encrypt their data on laptops, while 73% are failing to do the same on removable storage devices, such as USB pens.

But the problems do not lie solely in the encryption of company data. A colossal 90% of respondents claim their employees’ access open, non-secured, wireless networks when working outside the office, leaving information vulnerable to the sneaky advances of hackers.

Under new legislations, UK Companies found guilty of data protection breaches could be fined up to £500,000.

The Ministry of Justice (MoJ) Civil Monetary Penalties consultation paper outlines the dangers now facing slack businesses following several high-profile data issues that have hit the headlines this year.

No business, even those operating on an astronomical scale, is free from the dangers of theft and the government is hoping financial fear will reintroduce some caution.

“The Government is proposing to introduce a maximum Civil Monetary Penalty for serious breaches of the Data Protection Act of up to £500,000,” says the MoJ’s consultation.

“The Information Commissioner’s Office will exercise its discretion to assess the appropriate level of any penalty it imposes and will publish detailed guidance setting out the criteria it will use and circumstances it will take into consideration.

“This reflects the importance that Government places on safeguarding personal data effectively and processing it responsibly and lawfully.”

Recently, leading broadsheet The Guardian had its online job site attacked during “a sophisticated and deliberate hack”. Over 10m people access the site’s job pages, inputting required information on employment histories, addresses, and so on. Members have even confirmed that there was more than enough information contained in their account to apply for loans or credit cards.

“It’s very disconcerting to think that some very important details with regards to my identity could be in the wrong hands,” said jobsite user, Paul Rocks.

Officers from the Metropolitan Police’s e-crime unit are investigating the incident, adding administrative pressure and attention that the organisation does not need. Fortunately for those involved, The Guardian claims the attack was thwarted before it could get serious.

On an international level, Zurich Insurance received dubious press over its loss of 50,000 British customer records in South Africa. The stolen material also contained policy information for 550,000 South African and 40,000 Botswana consumers.

And just this month, global mobile phone providers, T-mobile, was involved in the largest data protection breach ever seen on UK shores.

An unnamed employee stole and sold the personal records of millions of customers so that rival companies could target their marketing at those nearing the end of their contracts.

“The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” said the Information Commissioner’s Office, now investigating the breach.

Novell has pinpointed the main efforts businesses should undertake to make sure such headline grabbing incidents are not dropped on their doorsteps.

By aiming security practices at “network endpoints”, which include desktops, notebooks, smart phones, MP3 players and thumb drives, employers can wipe out expected avenues of attack.

Monitoring the access to your systems from employees’ homes, or other mobile areas, should help sure-up your system; you may even consider handing out adequate anti-virus software to employees to increase defences.

“Endpoint security threats are evolving at a rapid pace,” said Grant Ho, Senior Solution Manager for Endpoint Management at Novell. “Every day, vital customer data is lost due to lax security practices.”

Reassuring customers that your business is operating on the highest level of security possible is the best way to maintain reputations and develop a customer base, whilst keeping a panicky government content.

However, you can’t plan for human error, so, if like many officials, your employees decide to leave personal details just lying around, it’s probably best to discuss safety precautions whilst quietly showing them the back door.


Written by Andrew Hodges

December 2, 2009 at 10:30 pm

Posted in Comment, LinkedIn

Tagged with , , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: