Data Security

Data security is the prevention of unauthorised access to, or the abuse, misuse or loss of, personal data.
Principle 7 of the Data Protection Act states that data must be kept secure in order to prevent loss or unauthorised disclosure.

The financial services regulator and the Information Commissioner view loss of personal data as a very serious breach.

Identity theft is feared by many consumers, and any risks taken by businesses in this area can lead to high-profile media coverage and consumer outrage. This is damaging to the business's reputation, in addition to the fine which can be levied.

All businesses handling personal data, therefore, are expected to exercise a high degree of risk management in this area.

Physical security

Technical security measures to protect computerised information are of obvious importance. However, many security incidents relate to the theft or loss of equipment, or to old computers or hard-copy records being abandoned.

Physical security includes things like the quality of doors and locks, and whether premises are protected by alarms, security lighting or CCTV. However, it also includes how you control access to premises, supervise visitors, dispose of paper waste, and keep portable equipment secure. Here at George Banco we have a clear desk policy: before leaving work each day you must ensure your desk is clear.

Leave your desk clear with no sensitive or client information on view

Example

As part of its security measures, an organisation ensures that information on laptop computers issued to staff is protected by encryption, and that desk-top computer screens in its offices are positioned so that they cannot be viewed by casual passers-by. Paper waste is collected in secure bins and is shredded on site at the end of each week.

Computer security

Computer security is constantly evolving, and is a complex technical area. Depending on how sophisticated your systems are and the technical expertise of your staff, you may need specialist information-security advice that goes beyond the scope of this guide. A list of helpful sources of information about security is provided at the end of this chapter. You should consider the following guiding principles when deciding the more technical side of information security.

  • Your computer security needs to be appropriate to the size and use of your organisation’s systems.
  • As noted above, you should take into account technological developments, but you are also entitled to consider costs when deciding what security measures to take.
  • Your security measures must be appropriate to your business practices. For example, if you have staff who work from home, you should put measures in place to ensure that this does not compromise security.
  • The measures you take must be appropriate to the nature of the personal data you hold and to the harm that could result from a security breach.
