Protecting the precious


25 August 2008

Well, the news again today is of a major data loss at a worldwide hotel group. This comes shortly after another UK incident that saw the personal details of many of those detained at Her Majesty’s pleasure lost.

While many of these data losses have been on a vast scale, it doesn’t mean that smaller businesses and organisations are invulnerable. If one looks at it the other way round, the same rules apply. While targeted attacks against a large organisation can yield major hauls, a vulnerability in a commonly used system could yield a large number of vulnerable users that can then each yield some results. Therefore, it would be naive to think that the headline-grabbing data losses of recent months being concentrated among large organisations means that small businesses are not targeted; they are.

Also, the data protection commissioner does not care about what size you are, only whether a breach has occurred. In such a climate it is probably a good idea to understand your own risk and then act where a weakness is found. The data protection commissioner is far more willing to help where an organisation has identified a problem before a breach has occurred than after. Advice is readily available to those who ask, even in hypothetical situations.

 


When smaller organisations are by definition going to have less to spend on data security, it is wise to ensure that what resources you have are well employed.

This extends to non-technical elements as well as the technical. Who has access to private data that your organisation holds? Do they need that access? Are passwords and restricted access applied where necessary? Are storage media protected and backed up?

If all of your protections are in place, it is worthwhile looking at the next levels too, such as obligations under the various bits of data legislation. Would you be prepared if you received a data query from a current or former customer? Or, if the data protection commissioner knocked on your door, can you justify the records kept and how they were gathered?

It is worth knowing what you need to be able to do to meet such requests, as knowing will allow you to assess your risk exposure. Should you be unable to meet such requests, there are fines and penalties that no small organisation needs.

Data protection is something that needs to be high on everyone’s agenda, but lest small organisations get swept away by a wave of schadenfreude, the current focus on data loss should be the catalyst for everyone, large and small, to get their house in order when it comes to data.
