With the UK’s data protection watchdog – the Information Commissioner’s Office (ICO) – issuing its first monetary fines for data loss at the back end of 2010, the operational catastrophe from crippling fines and reputation damage is now a real and active threat to businesses.  Recruitment Company A4e was fined £60,000 accompanied by damaging national media coverage after an employee lost an unencrypted laptop containing the personal data of 24,000 customers. 

If a business handles personal information relating to individuals or companies then it has a legal obligation to take sufficient measures to protect that information.  So what action can SMEs in the midlands take to ensure they aren’t subject to the same treatment as A4e?

The first port of call is to ensure all static and mobile business technology is optimised.  Within the confines of the office, SMEs should be proactively ensuring firewalls and operating systems are working efficiently with thorough and regular virus checks, network patching and installation of security software updates.  All data should be consistently backed-up and held securely with anti-spyware software a good tool for combating attempts by cyber criminals to infiltrate network data.  Mobile devices such as laptops, hard drives, discs and USBs that carry confidential data off-site should all have changeable and strong levels of encryption to prevent access if in the wrong hands.

Secondly, businesses should put a strategy in place for dealing with any loss.  Data loss strategies should look to include an assessment of the risks, a data recovery plan, how to limit the damage and a plan for informing the correct authorities and individuals the data concerns.  If you are unfortunate to be breached or lose data then the penalties and impact on reputation may be less severe with a plan in place.  These strategies can also help to prevent any loss by highlighting any weaknesses.

Remember, you can proactively request an audit from the ICO to help determine whether you have the right policies and procedures in place for handling data and if they are being adhered to.

The responsibilities that come with handling data need to be high on the agenda otherwise you could be high on the news agenda.