Organizations face range of threats from data protection breaches

30 March 2012

Posted by John Bull

There is an array of potential consequences associated with a data protection breach, including customer complaints, bad PR and fines.

With the Information Commissioner's Office (ICO) in the UK able to impose fines of up to £500,000 for the worst breaches of legislation and plans by the European Union to tighten its regulations, increasing the penalties that can be issued, it is more important than ever to improve standards in this area.

Data Defender has pointed to the many threats posed by a failure to safeguard information, including the possible loss of customers, complaints and bad PR.

The organization's Director, Graeme Batsman, explained that this is in addition to the problems that can be caused in relation to compliance, share prices falling and shareholders' confidence in a company.

He added: "The most common [problem] we see around data is the actual device, not a network problem."

Mr Batsman advised it is often the structure and encryption of data that is linked to incidents and rather than simply "plonking in an anti-virus system", firms should impose strict information security standards to safeguard against technology such as laptops, CDs or memory sticks going missing or being stolen.

The ICO recently took action against a company in Warwickshire following a breach of the Data Protection Act relating to the treatment details of around 2,000 patients after its Patient Medication Record system was stolen.

Pharmacyrepublic has committed to taking steps to safeguard information more effectively after the incident was reported to the ICO in September 2011 while another provider was assuming responsibility for one it its pharmacies.

The company failed to ensure the password- protected system, delivered through another business, was securely returned to it.

Stephen Eckersley, Head of Enforcement at the ICO, warned: "This incident should act as a warning to all healthcare providers - your data protection obligations do not end while the personal information of your patients remains on site and in your control."

 Your basket
Your basket is empty