Although the Information Commissioner’s Office has been in existence since 1984, it is only in recent years that its powers have really begun to impact on organisations when it comes to the handling and storage of personal data.
The ICO is increasingly taking actions such as criminal prosecution and the serving of monetary penalties on individuals or establishments who have been proved to be negligent and/or in breach of the Data Protection Act.
The most common misdemeanors and offences relate to the careless disposal or loss of personal paper based records and unencrypted laptops and disks. Some examples are a rubbish skip containing employees bank details, employment records and medical information and paper client files stolen from a barrister’s car. Also, unencrypted disks containing sensitive data are often stolen or left on public transport. Companies have also been prosecuted for retaining personal information beyond the recommended retention period.
To ensure that your business does not contravene the requirements of the Data Protection Act, electronic storage of all confidential data is to be highly recommended. In addition to this, ensure that the data is securely encrypted. It is also important to set retention periods for the information which will automatically alert an administrator when documents are due to be destroyed.
Finally, a policy must be put in place for the secure disposal of all paper documentation by using a confidential shredding service.
For advice and guidance on how to store your personal business data safely, please contact The IPC Group on 08081 45 46 47.