Businesses are not taking adequate responsibility for protecting personal data, according a recent survey.

The Open Rights Group have highlighted the need for companies to underpin their data protection policy more securely so that employees and consumers are properly protected. The risk an occurrence of fraud is rising year on year, but according to ORG, there are also significant social reasons why personal data needs to be protected. For example, people on witness protection programmes, or victims of domestic violence trying to escape a relationship are at risk if personal information is not securely held.

Becky Hogge, an executive director of Open Rights Group, advises that data should be minimised, and greater employee training should improve standards of protection. Further, if data is encrypted, and access limited, then the correct authorisation processes will heighten responsibility and accountability.

The Open Rights Group is an organisation which campaigns for the correct implementation and use of digital technology. Where the technology is not effectively used and regulated, ORG believe civil liberties are threatened, and the digital rights of individuals open to abuse. Amongst their objectives, ORG have campaigned on copyright term extension, DRM and electronic voting, freedom of information, and data retention and protection.

The use of personal information by businesses and organisations is governed by the Data Protection Act 1998. All businesses are expected to comply with the Act if they store any quantity of personal data, either employee or customer. There are eight principle rules relating to the use, storage and handling of information. These cover key areas: that information is processed fairly and lawfully, and for specified purposes; information should only be relevant and minimal; it should be accurate, with limited storage time; the data should not be used outside the rights of the individual; it needs to be securely stored, and kept within the European Economic Area.

Personal data is a particularly sensitive area, with even the largest companies and institutes falling short of their responsibility: it is estimated that Whitehall has lost the personal details of 4 million people in the last year, including the loss of the memory stick containing details of thousands of criminals by PA Consulting (a management consultancy working on behalf of the government). A study by Privacy International positioned the UK in their ability to protect personal data. They found that out of the 47 nations included in the research, the UK was failing compared with it’s European counterparts. Simon Davies from London-based Watchdog commented: “[there has been] an increasing trend among governments to archive data on the geographic, communications and financial records of all their citizens and residents”. This means that as larger volumes of sensitive data is held on public sector databases, the line of accountability becomes longer and less effective. This situation is likely to worsen when ID cards are introduced.

However, this problem is not exclusive to large companies; smaller businesses also need to take on the responsibility of protecting their staff and customer data. Without the right safeguards, they risk a rapid descent as reputations are difficult to fix, and because small firms do not have the resources available to pass on accountability issues, the initial investment in the right technology and management system is a wise move.

Bookmark Us
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google
  • Reddit
  • StumbleUpon
  • TwitThis

Our Random Articles

More Links