If you’re a business, organisation or government body that handles personal data, then you’ll be familiar with the requirements laid out in the Data Protection Act (DPA). Introduced in the 1990s to protect individual privacy, the DPA established guidelines and policies on the safe use of personal information by UK organisations. Organisations without a compliant data management strategy, or organisations that fail to protect the data they handle, face prosecution and fines under DPA legislation.
However, the world of technology has changed immeasurably since the development of the DPA in the 1990s. Back then, it was only the largest companies that had the means to collect and store significant amounts of data. In contrast, thousands of SMEs and other organisations now collect, store, move and access data with ease thanks to modern data collection methods and the exponential rise of online communications and digital data.
Since the implementation of the original DPA, cybercrime and data breaches have skyrocketed. Major data breaches have been numerous and hugely costly, with UK companies losing more than £1 billion to cybercrime in 2016 alone. And it’s not just businesses and SMEs that are vulnerable to data breaches – local government, education and the health sector also face high risks. For example, many will recall the NHS’s devastating security breach earlier this year that compromised the medical records of 26 million patients.
In light of these changes and breaches, in just six months’ time (on May 25th 2018, to be precise), the DPA will be replaced by the General Data Protection Regulation, a new European personal data regulation with far greater scope and much tougher punishments for those who fail to comply with its strict rules around the storage and handling of personal data. While it has many similarities to the current DPA provisions, GDPR places greater significance on transparency and accountability. Organisations will therefore need to consider whether their current data protection methods are up to scratch to ensure compliance and avoid prosecution.
The Data Breach Dangers: Some Stats
The Information Commissioner’s Office (ICO) is the UK’s independent authority dedicated to upholding information rights in the public interest and promoting openness by public bodies and data privacy for individuals. It is this organisation that puts the DPA into practice and handles prosecutions relating to breaches of personal data.
Recent research by the ICO into data security incident trends has brought to light some shocking figures. In the 2014-2016 period, two thirds of sectors experienced an increase in data breaches, with the courts and justice sector seeing the biggest rise in data breaches with a 500% increase, followed by insurance with a 317% increase and general business with a 157% increase. In addition, while hackers and ransomware attacks often feature in the headlines, according to figures from the ICO’s 2016 reporting it’s actually human error that’s behind around 60% of data breaches.
The ICO’s 2017 research shows that there has also been a 46% increase in email-related data breaches and a 20% increase in the loss or theft of paperwork. During this same period, ICO fines for failing to protect personal information have been issued to organisations across retail, local government and the criminal justice sectors and have ranged from £55,000 to £150,000.
Solutions: What Can You Do to Stay Secure?
First and foremost, organisations need to ensure that they’re prepared for GDPR. This means developing a holistic understanding of their current data security measures, and carefully considering how data is produced, handled and treated. They must also assess whether data is released in the correct manner – key areas to consider here will be email encryption and the secure storage and destruction of documents. At Stor-a-File, we’re specialists in the latter two areas and can help you to put together a strong, secure system that protects your data and helps you to comply with GDPR.
Offsite Secure Storage
To prevent the loss or theft of personal data in paper or electronic formats, it’s vital that personal data isn’t left insecure. Storing confidential files offsite in a dedicated, secure facility ensures that documents are properly locked away with limited access. Each of our six highly secure storage sites has been specifically designed to safely store thousands of documents, is staffed by experienced professionals and implements strict handling and organisation procedures, with all physical and virtual documents that we hold covered under the current Data Protection Act. Learn more about our secure storage services here.
The ICO has also noted that many organisations, in an attempt to be more environmentally friendly, have used shredded paperwork as packing material. Although the documents are shredded, there is still the potential that some information may be visible. Alternative packing materials are advised. Additionally, it may be worth considering whether your in-house shredding processes offer high enough levels of data protection. Our professional shredding services conform to the strict requirements of BS EN 15713 (Secure Destruction of Confidential Material), which means that we dispose of confidential waste in a secure, controlled manner and that our process is regulated by continual external audits to minimise risk. Learn more about our shredding services here.