Disclosing data breaches

The European Commission is making changes to data protection laws and warning that organisations need to take data protection seriously.

Destroying confidential customer data in every type of business is now a legal and Europe-wide necessity.

In the UK the Information Commissioner's Office is imposing large fines on organisations and businesses found guilty of breaching the Data Protection Act (DPA).  Now, the European Commission is warning businesses of all sizes that store customer data that they will soon be forced to publicise any data breach they might suffer.   

Although many businesses are conscious of their confidential data responsibilities and have data protection policies in place, more can still be done.

For businesses the risks of breaching data protection legislation include brand damage and loss of faith, as well as the financial and legislative penalties.   

Tips to prevent data leaks in your business

  • Create a confidential data policy - if you don't have one already you are already in the high risk category for being a victim of data theft.
  • Store and dispose of data safely - don't assume that binning it is the end of the matter. Criminals often rifle through bins in car parks where confidential data has been poorly disposed of.
  • Destroy data properly - Arrange for a properly accredited company to help store, collect and securely destroy information. Ensure you know where your data is heading. Even better, have your data destroyed on site, using a mobile shredding vehicle and watch the destruction.
  • Check identities - use credit reference agencies to verify the identity of your preferred suppliers.
  • Secure your accounts - don't allow bank details to escape into the public domain.  Thieves are adept at falsifying signatures.
  • Inform staff - train staff on how to deal with confidential data properly and monitor their behaviour. Remember, most fraud is committed by people who work within the organisation.
  • Beware of carrying large amounts of confidential data on unencrypted laptops, data sticks or mobile devices such as Blackberrys and iPhones. These small portable gadgets are magnets for thieves who can exploit your confidential information.

Anthony Pearlgood is the Commercial Director of shredding company PHS Datashred.  He was formerly Chairman of the BSIA's (British Security Industry Association) information destruction section.

Image courtesy of Michael David Pedersen via Flickr.