The media love a thrilling story of teenagers infiltrating the US Government via laptops in their bedrooms, but generally the security of Data is a concept overlooked and undervalued by organisations and employers.
As Payroll Professionals, we are at the forefront of Data Protection simply due to the nature of information we process. Having the trust of our customers is key and is one of the incentives in continually developing the software and systems we use to protect the Information we receive and supply.
The Data Protection Act (1988) deems sensitive personal data as:
- the racial or ethnic origin of the data subject
- their political opinions
- their religious beliefs or other beliefs of a similar nature
- whether they are a member of a trade union
- their physical or mental health or condition
- their sexual orientation
- the commission or alleged commission by them of any offence
- any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
Maintaining compliance with the Act is pivotal, and not only at a Business level: the UK Information Commissioner's Office has the power to impose the following penalties for any breach or leak of personal data through non-compliance and negligence:
- Fines of up to £500,000 for serious contraventions.
- Prison Sentences for deliberate or negligent leaks of customer information by any individual within the responsible organisation.
Obviously these are extreme penalties and even with no intervention from the governing body, your Business could still suffer due to a loss of credibility and faith in the service you provide to your Customers.
Businesses of all sizes should give some consideration to how sensitive data is maintained. It is not simply your computer that is at risk of breach. Paper, in the eyes of many, is ever decreasing in its importance and usage in the modern workplace. This is a dangerous mind-set: the security of physical files should be considered just as important as that of their electronic counterparts.
With regard to the security of your Business's information, it may be useful to consider:
- Who within your Business can view sensitive information? – Is there a tier system in place allowing various degrees of access to staff dependent on their roles and responsibilities?
- Are sensitive files and documents password protected?
- Do you have electronic backup systems in place?
- Are USB devices permitted on your machines?
- Is there a mobile phone policy for staff in the workplace?
- Is the disposal of physical files secure? – shredding/archiving on or off site.
- Is it noted when non-staff members are present in the workplace? - Outsourced cleaners, technicians, temps etc.

Highlighting any vulnerable areas in security is as important as understanding the risks of breach and the reasons why you may be left exposed in a particular way. Some factors, such as theft, are unavoidable, but damage can still be minimised by encrypting laptops and password protecting USB devices. The most common risks of security breaches are:
- Emails falsely disguised as credible companies requesting information such as passwords, bank and employee details.
- Malware, viruses and Trojans infecting and manipulating sensitive Data.
- Password hacking, often due to weak passwords and obvious clues.
- Physical copying and distribution of sensitive Data to unauthorised personnel.
- Human Error – sending an email in error, unknowingly disclosing information to those to whom it is not relevant.
Data Protection is a necessity in any modern workplace. Negligence can put your company and employees at risk, when often only small considerations can significantly minimise your vulnerability to threats, which we must concede are often highly advanced, genuine criminal activity.