A new law coming into force on April 6th this year is set to slip under the radar of the vast majority of businesses. The Information Commissioner’s Office (ICO) will begin to crack down on breaches of the Data Protection Act, following a number of high profile cases reaching the public spotlight in the last few years.
Scandals such as the HM Revenue & Customs losing track of information on 25 million families receiving Child Benefit in 2007 and the widely publicised incident of the laptop left in a London taxi by an MI5 employee containing top secret Ministry of Defence plans, led to the (ICO) requesting greater powers to clamp down on organisations not taking data protection seriously.
Whilst sectors such as law and financial services have been punished by their own regulators in recent years, the private sector has been largely ignored due to a lack of regulation, but this is set to change under the new laws.
Businesses will be forced to look at whether they are taking adequate steps to ensure they protect the information they hold on their Employees, Partners, Customers and Suppliers. In the event that Data Protection laws are not being fully complied with, businesses could be facing penalties from hefty fines right through to suspension of trading.
Of major concern to the ICO is an area which will resonate widely with an incredible number of businesses; namely the ability for staff to steal sensitive data, by downloading this from corporate systems to personal devices or memory sticks. This type of corporate theft is becoming an increasingly common issue right through both the Public and Private sectors.
So how should businesses go about protecting themselves and more importantly, their data? Well, for the average small to medium business, this is nothing short of a nightmare. Controlling access to information without being overly restrictive is a fine balance. Locking down systems too much means that staff productivity declines, yet leaving access wide open creates major compliance issues.
Gary Collins, CIO at Intercept commented, “It really boils down to how good the business IT platform is. Ideally this needs to be flexible enough to manage a wide variety of data access requirements. For example, it is much easier to restrict access to data for office based staff than for mobile or home workers, as simple IT policies can be put in place to prevent data being copied, removed, or deleted. However, as soon as access is made available to staff when they are outside of the businesses premises, a whole different dynamic exists.” Collins added, “Data residing on laptops and other devices creates a huge security issue, but in today’s fast paced business World, it is almost a given that certain staff need access to a whole variety of data when they are on the move.”
Intercept’s Chairman, Ian Readman stated, “We recognised that data protection would become a huge issue after the story broke about the MoD laptop being left in a London taxi back in 2001. As a result, Intercept designed a number of solutions to help businesses better protect their data, whilst still being able to allow staff to access it when and where it was needed.”
Intercept’s online services can prove an excellent solution for small to medium businesses, due to the fact data is stored on server farms in purpose built data centres, designed specifically to host and protect business data. Services such as onlinedesktopTM deliver Enterprise computing, without data ever having to leave the data centre. Readman added, “We can offer different levels of access for each individual user and can actually lock down the service to stop staff from being able to copy information from our servers to their devices, whether they are PC’s, laptops or memory sticks. Our online services provide this functionality right out of the box and almost any business can therefore immediately see improved levels of compliance.”
In addition to its range of online services, Intercept also provides Consultancy services for those larger businesses requiring advice on how to become data protection compliant. With numerous existing customers in both law and financial services, Intercept is well versed in the issues facing those businesses with strict regulators. Gary Collins concluded, “With the ICO set to clamp down on breaches of the Data Protection Act, every UK business must be mindful of its responsibilities. It will therefore become more and more imperative to have an IT function which is not only designed to meet new compliance requirements, but one which is flexible enough to meet future changes in data protection laws.“
If you are concerned how these laws may affect your business and are interested in finding out how Intercept may be able to help you, they can be reached on (020) 7743 0100. Alternatively, visit their web site at
www.intercept-it.com