For businesses of any size, ensuring the accuracy, integrity and security of data is essential.
Under the Data Protection Act (1998), data controllers are required to take 'appropriate technical and organisational measures' to protect personal data from unauthorised or unlawful access or use, as well as preventing accidental or malicious loss or damage.
The principles of the act cover how data is stored, accessed and transferred to protect the subjects of that data, be they your customers, suppliers or employees.
Data breaches can affect anyone
Data breaches can affect businesses of any size and may have serious consequences. For instance, in January 2013, electronics giant Sony was fined £250,000 after millions of PlayStation Network customers' data was stolen.
The implications of a data breach for smaller firms can be considerable, which is why ensuring protection is in place when handling data is a key priority for any business that uses information technology.
Here are five key data protection measures that can be taken by your business:
1. Define a clear IT policy
Implementing a clear IT policy is one of the most effective ways to ensure the integrity of your data. Use permissions to ensure employees can only access the information that is relevant to them and make sure they use secure passwords.
Passwords should also be changed regularly in order to minimise breaches.
2. Watch contractors and third parties
Negligence by contractors is one of the most common reasons organisations suffer data breaches in the UK.
Establish a written contract which ensures any contractors and other third parties adhere to data protection principles and best practice.
3. Secure email attachments and documents
It's important you understand when it's appropriate to use email to transport data.
Email attachments which include sensitive or confidential data should always be encrypted and password protected. The password for any documents should be communicated verbally (in person or via telephone) to ensure the data can only be accessed by the relevant parties.
4. Invest in antivirus protection
You should invest in appropriate virus protection and security software to maintain the integrity of your IT systems and prevent hacking.
This will not only help protect your data from theft, but also keep your technology safe from corruption and other problems.
Use a firewall to control access to the data you hold and implement secure remote access if you need employees to access data when away from the office.
5. Know how to handle a breach
Even if you take every possible precaution, it's still possible for a security breach to occur.
If this happens to you, make sure you have procedures in place to help you deal with the situation.
You may also wish to take out professional indemnity insurance, which can protect your business from customer disputes arising from loss of their data or documents.
Michael Howard writes on behalf of Markel UK, a specialist online insurer providing cover for professionals, professional practices and consultants.