The importance of responsible data handling for businesses

There have been numerous cases in recent years where businesses and organisations have failed in their duties under the Data Protection Act (1998). Under the law, organisations must do all they can to safely store, maintain and correctly dispose of sensitive information. Failing to do so can leave you open to fines of up to £500,000 and can significantly damage your reputation. Take Japanese electronic gaming manufacturer PlayStation who were handed a fine of £250,000 by the ICO when a hack into their online network leaked the user logins and credit card details of their customers. So, with these dangers in mind what guidelines should businesses follow for storing, accessing and disposing of confidential data?

Data Protection responsibilities

In order to comply with the Data Protection Act (1998) businesses and organisations must adhere to the specific principles when handling confidential information. The first 8 principals rule that information must:

• Be fairly, and lawfully, processed
• Be processed for specific purposes
• Be adequate, relevant and not excessive
• Not be kept for longer than is necessary
• Be processed in line with the rights of the individual
• Be kept secure
• Be transferred to countries outside the European Economic Area unless there is adequate protection for the information
  
  

And the second half of the act sets out the rights to the individual whose data is being handled. They are entitled to find out exactly what information is being held by your business and if they are denied they can contact the Information Commissioner’s Office (ICO) to help them obtain the data. Businesses that fail to adhere to the act leave themselves open to not only fines but also litigation from customers. For instance, if a customer feels that their data has been mishandled and this has caused financial losses or personal distress then they may be able to seek compensation.

You may also be required to register with the ICO – you can use their free online checker to see.

Destroying confidential data

The importance of securely disposing of confidential data cannot be underestimated and businesses face massive fines if their data falls into the wrong hands. Disposing of data through unsecure avenues could lead to data theft and identity fraud – a crime which costs businesses in the UK as much as £2billion every year.

Businesses should have systems in place which identify how long a document should be kept for, who should have access to it and put in place companywide procedures to make sure that systems are followed. All physical information should be clearly marked with destruction dates and physical documents should be destroyed by a trusted third-party vendor. Electronic files should also be securely processed by a specialist third party, as simply deleting files is no guarantee that they cannot be recovered by determined criminals in the future.

Here at Rollingsons we have extensive experience in helping businesses to navigate data protection and privacy issues. For more information or to arrange an initial consultation please contact us on 0207 7611 4848.