Should you invest in encryption services? Keeping data secure is more important than ever before. Fraud and identity theft are on the rise. Your identity is a valuable commodity, but so is the identity of your customers.
Legally you have an obligation to your customers to keep their data secure. In point 7 of the Data Protection Principles it states, “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.” Data encryption is the most secure method of adhering to this requirement. One way to adhere to this policy is to hire an encryption service which can not only encrypt your data, but provide a record as to when and what was done.
Many UK financial companies are looking toward using external encryption services companies as the service provides a layer of monitoring and may prevent costly fines. Financial organizations are required by the FSA to have a strict policy regarding the use of laptops and encryption in place and monitored on a periodic basis. Failure to comply can result in fines to the company ranging in the millions of GBP. In June 2008, the Financial Services Authority issued its first fine to a company for poor data protection practices. Merchant Securities Group was fined £77,000 for having poor security controls and not protecting client details properly.
Recently HSBC was fined almost GBP3.2 million for a data breach. There is no limit to the amount of the fine if included in a Crown Court Judgment. In April 2010 the privacy regulator for the Information Commissioner will be granted a host of new powers relating to the fines it can issue. If the Commissioner’s Office learns of laptops that have been lost or stolen and not adequately protected with suitable encryption, the Commissioner’s Office now will be able levy fines. Reports suggest the fine to HSBC would have been substantially less if encryption services had been employed.
Customers are important to your business. Their identity data is important to them. Not protecting their information will not only damage your business and your customer’s faith in you, but the fines can be staggering. You can continue to do business the way you’ve always done it and take the risk. Or you can play it safe by using encryption services to secure your customers data.
Author Stuart Gilbertson of www.considerit.co.uk
