What should a business do to protect your data?
Your confidential data has value. Not only to the organisations that use it - either to provide you with services or to sell to you - but also to criminals who want to exploit your information for their own purposes. So, what should you expect when you hand over this valuable asset? Here are some top tips to ensure robust data protection.
Organisations must protect your data
Businesses should protect your data in a range of different ways because, when it comes to issues of privacy and data protection, prevention is always better than cure. This includes investing in things like:
- Secure firewalls
- Anti-virus and anti-malware software
- Regular and robust backup processes
- A process for updating operating systems on a regular basis
- Processes that prevent staff members from sharing passwords
- Reliable encryption
- Processes to remove outdated info
- Processes to identify and record what personal data is held and stored by the business
- Compliance with the Information Commissioner's Office (ICO).
Organisations must assess vendor vulnerabilities to maintain robust data protection
It is not uncommon for a data breach to happen because of a third party, for example when vulnerable software is used on an organisation's website, or because a specific service has been outsourced. And, while an organisation might seek to place the blame on any vendor who allowed a data breach to happen, they remain responsible. So, if an organisation is entrusting your valuable data to a third party, they must make sure that this supplier/partner has adequate data security processes in place.
Organisations must make sure their employees understand the consequences of a data breach
Despite fears about cybercrime, human error is far more likely to cause data protection breaches than hackers. Common causes for these breaches include:
- Data being sent to the wrong recipient
- Loss or theft of paperwork
- Failure to redact data
- Failure to use bcc when sending an email
- Unencrypted devices being lost or stolen
So, organisations must ensure that they train their employees on how to maximise data security, and make sure that they understand the potential consequences of a breach.
What's more, 87% of employees take sensitive data with them when they leave a company, whether voluntarily or involuntarily. So, you have the right to expect that any organisation you deal with puts robust processes in place to protect your data against such threats. This includes:
- Ensuring data protection policies are communicated to employees
- Making sure they have robust security systems in place to prevent data theft and errors
- Establishing monitoring processes to detect data theft/errors
- Ensuring adequate policies are in place to deal with issues such as social media use.
Organisations must let you know if they breach your data
The General Data Protection Regulation (GDPR) requires organisations to report certain types of personal data breach to the ICO. They must do this within 72 hours of becoming aware of the breach (where feasible). If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, the organisation must also inform you of the data breach "without undue delay".
What can you do if you are the victim of a data protection breach?
The ICO can impose hefty fines on organisations that don't meet their obligations under the Data Protection Act. However, the ICO does not award compensation to victims.
If you have suffered damage, distress or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And, at Hayes Connor Solicitors, we know what it takes to make a successful data breach compensation claim.
Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.
We also understand that making a compensation claim can be stressful, especially where your sensitive information has already been breached. That's why we remove the jargon from the process and make sure you always know what's happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.