Christmas is approaching and we’re all tempted to start getting into the festive celebrations, but before you put on the paper hat and crack open the sherry, consider how well your business is protecting the data that it holds. If you don’t, you could be left with a serious new year hangover once all the fun and festivities abate and the ICO moves in. Here’s why:
Data protection is evolving
Data protection regulation and best practice are constantly evolving, so this isn’t an area where any business can afford to sit still. Compliance is a big issue for many organisations that don’t yet have a handle on what is required in order to manage the data in their care – and the changes that are on the horizon. Penalties for not following data protection requirements are delivered in the form of some fairly hefty fines. For example, the FSA recently fined a building society £980,000 after the loss of a laptop full of confidential customer data, in a situation where no adequate risk management processes were in place. It pays to stay on top of what is expected of your business and to continually redefine your data protection strategy.
Threats are on the rise
There have been plenty of examples in the news this year of attacks on huge, prominent businesses where confidential customer data has been compromised (TalkTalk being perhaps the most recent). All the indications are that the valuable currency that data represents means that it will continue to be a target for hackers and those looking to make an easy buck from breaking into other organisations and helping themselves to what they find. Not only that, but it’s not just the big businesses in the firing line either – SMEs are increasingly being targeted as a result of the assumption that security will be less effective in a smaller organisation. Meanwhile, both the Law Society and the American Bar Association have started to recognise that law firms are a likely next target, as they are “a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities” (Harvey Rishikof, co-chairman of the American Bar Association Cybersecurity Legal Task Force).
A data protection breach can be costly
We’ve already mentioned the financial penalties likely to be imposed by bodies such as the Information Commissioner’s Office where adequate data protection measures are not in place when an event occurs. However, there is a deeper cost to poor data protection planning: the trust that customers lose in an enterprise that will take their fee but isn’t capable of protecting their information. Where data is compromised, customers must be told, and where customers discover that their information is not safe, attrition rates can be high. There is evidence to suggest that up to 50% of those lost clients or customers will never return to a business after a data breach, and some may choose to take legal action, adding another layer of loss to consider.
Find out more about your data protection and information governance this Christmas by giving us a call on 020 7253 4311