Every business gathers personal data. Whether you are a sole trader or a multinational company, you will store information about the people using your business in some form or another. This data is sensitive in nature and needs to be protected. Personal data from individuals has the potential to be used in a discriminatory and damaging way. As the majority of this data is likely to be stored electronically, you need to ensure it is protected from cyber attack. There are many laws in place to protect data, and a breach can incur heavy fines.
It is really important when gathering personal data from individuals that the information is accurate. It is important to confirm the identity of customers using a trusted identity service. This information must then be protected according to data protection regulations.
Data protection laws are designed to legally control the access and use of personal data stored by businesses. Personal data includes names, addresses, gender, health records, criminal convictions, sexual orientation and credit history. The majority of businesses will store information from at least some of these categories, meaning that data protection laws must be complied with.
Laws and regulations may vary depending on where in the world you live.
What are my responsibilities as a business owner?
To comply with regulations, you must ensure that individuals are aware of the need to store their personal data, and that the data is accurate and kept securely.
It is a requirement to inform individuals about how their information will be used, whether it will be shared with people outside of your business and how long the data will be stored for.
Any data collected must be suitable for the purpose intended and it mustn’t be excessive. Remember that some of the information may be sensitive in nature, especially if it includes health records and sexual orientation.
It would be good practice to have policies and procedures which back up your data protection systems.
How do security breaches happen?
Security breaches often occur due to human error; perhaps staff inadvertently breach data by forwarding emails to hackers, or perhaps staff breach security with malicious intent by viewing, distributing and stealing data.
If your data is stored electronically, it is susceptible to cyber attack. Hackers are getting ever more sophisticated in their attempts to steal data. This could be done through phishing emails and viruses.
How do I prevent a data breach?
It is essential to have up-to-date and effective cyber security software installed. It is also essential to ensure that passwords are never revealed, that the passwords are encrypted and that they get changed regularly.
To lower the risk of staff breaching security, provide training and get your staff to sign policies relating to data protection.
Finally, be aware of emails that may contain malicious spyware; don’t open them, and delete them immediately.
Ultimately, the best way of protecting your personal data storage is to have strong security defenses, which are updated regularly.