Magazine article Management Today

Crash Course in ... Protecting Personal Data

Article excerpt

You've received that letter from HM Revenue & Customs warning that your personal data are among the 25 million lost on a disc, and it occurs to you that perhaps you should take a close look at just how safe is the data held by your own organisation.

Find out what you've got. An audit or review of the data you hold is the first step towards protecting it. 'Look at the data you are holding in different classes - for example customer or employee data,' says Simon McDougall, head of Deloitte's UK privacy and data protection team. 'You need to get a feel for the volume of data in each class, how it is used, and where it is held.'

Evaluate your overall risk profile. The sensitivity of the data, and the consequences if it got into the wrong hands, should help determine the level of investment and detail you need to apply in protecting it. Organisations in health or financial services typically need to devote greater resources to the issue than those in food or transport.

Adopt a standard. ISO 27001, based on BS 7799, sets out the requirements for an information-security management system, and covers policies as well as controls in the areas of people, process and technology. The main legislation you need to comply with is the Data Protection Act 1998.

Encrypt. The first question asked when data is lost is: 'Was it encrypted?' Mick Gorrill, assistant commissioner at the Information Commissioner's Office, says: 'It's essential that before a company allows personal information to leave its premises on a laptop there are adequate security procedures in place to protect personal information - for example, password protection and encryption. …
