Data Protection Consulting Newsletter
Issue 16, January 26, 2007
Smart data protection solutions for business

In this issue:
• Guest article: How to use pro-active communication to protect your reputation. Recent laptop thefts highlight the risks not only of accessing customer data via portable computer devices, but also of putting your head in the sand if the worst happens.
• Online banking fraud statistics were quoted by the FSA and Apacs.
• The Information Commissioner took the step of naming and shaming.
• Five useful tips to help you maintain data protection compliance.

email: enquiries@dp-smart.co.uk

Mandy Webster's new book is available from the ICSA. Full details available here.

How to use pro-active communication to protect your reputation

Recent laptop thefts highlight the risks not only of accessing customer data via portable computer devices, but also of putting your head in the sand if the worst happens.
News of the Nationwide Building Society laptop theft raised concerns about how seriously organisations take their obligation to protect confidential data. However, the fact that Nationwide took three months to come clean was what resulted in loss of confidence among customers who no longer felt able to trust their professional advisor. Companies should take note and act quickly to include communication guidelines in their data protection policies and procedures to safeguard their reputation.

The power of today’s laptops and memory sticks means employees can work with huge volumes of customer data while on the move. The convenience of working anywhere, any time may be irresistible, but the Data Protection Act requires that no-one have remote access to confidential data unless - and only when - they absolutely need to. The onus is on the employee and the company to make this decision for every situation and every trip.

Many companies have a long way to go to make their data protection policies specific and comprehensive enough, and even more are failing to understand how important it is to ensure compliance with those policies. What smart companies have already realised is that making policies and procedures work for them helps maintain consumer trust and protect future business, and that effective communication to employees and clients is an essential part of this challenge.

Internal Communication Guidelines
The nub of the issue is this: assuming you have the right safeguards, how do you use communication to make them work on a daily basis, in a dispersed workforce? Here are some ideas:

• Make sure policies are published in those company media most widely used by employees, and that they are clearly articulated. Consider links on the intranet homepage, client management pages and even on frequently used HR space.
• If you have not yet developed an intranet to cover the full extent of your company’s activities, consider doing so. The most effective intranet will combine product and service updates, internal and external news articles and all personnel processes. Take communication or marketing advice as well as technical advice during development.
• Don’t rely solely on policies printed in official HR or compliance files – these will never be noticed. Do, however, consider including data protection targets in annual performance targets and management reports.
• Introduce procedures which encourage or obligate employees to include judgements which protect consumer data in their daily routine. These could include help-sheets attached to laptops, reminders in project briefing documents and a requirement to confirm compliance with policies as part of the log-on procedure to access data.

Client Communication Guidelines
UK law does not currently require companies to inform customers when their data is compromised and some choose to conceal such losses. Companies are advised to consider whether their reputations would be better protected by more open and honest communication:

• The sooner you are seen to care about putting right what has happened, the more likely customers are to believe what you are saying and the better the chances of keeping their trust. This is the principle behind all crisis management best practice.
• If you already have active and effective policies to keep customer data safe, make sure these are clearly displayed and explained on customer websites and in frequently asked Q&A. The more customers know about what you are doing to protect them, the less likely they are to jump to damaging conclusions.
• Give customer-facing staff sufficient guidance and materials to help them communicate with those affected by a compromise, keep their information updated, and make sure it is consistent with what you are saying in other media.
• It is essential that customers feel you have communicated with them directly before they hear anything in the press or on TV, but external media can provide an opportunity to show what you are doing to put things right. Think very carefully about how to handle external interest.

Staying Ahead in a Business Where Trust is Everything

When coupled with respect for and active commitment to the principles within The Data Protection Act, effective internal and external communication can help you protect your reputation as well as your customers. Those who realise this can develop practices and establish a culture to build public confidence, customer trust and business success.
Caris Stoller at www.clearlycommunication.co.uk

Online banking fraud statistics were quoted by the FSA and Apacs (UK payments association) when they gave evidence to a House of Lords science and technology committee in the autumn of 2006. They stated: an increase of 8,000% in incidents over the last two years. Also: during 2006 approximately £45 million was stolen through phishing.

Meanwhile, the Fraud Act 2006 introduces a general offence of fraud by false representation. This is a new initiative to deal with phishing, which is currently handled as a deception offence, and it closes loopholes so that steps preparatory to a phishing exercise, such as sending bulk emails in the guise of a financial institution, will be a criminal offence.

The Information Commissioner
took the step of naming and shaming organisations that encourage the illegal trade in personal data in his update to a report he laid before parliament in May 2006. Notably, the Commissioner used his initial report, "What price privacy?", to ask for custodial sentences to be introduced for certain data protection offences, namely those involving the illegal obtaining and disclosure of personal data. In December 2006 the Commissioner followed up the report with "What price privacy now?"

Five top tips to help you maintain data protection compliance in 2007

• Use Adobe Acrobat to write procedures that can only be amended by Editor access. This will prevent business users from changing procedures without asking.
• Sign up for the free newsletter from the Information Commissioner's website at www.ico.gov.uk.
• Check your website, or have it checked, for compliance with e-commerce and DDA requirements. Research shows that 75%+ of corporate websites are non-compliant.
• Update physical security policies and procedures to include up-to-the-minute examples like Blackberry, palm-tops and mobile phones.
• Record the time you spend reading this ezine as CPD hours.

The information in this
newsletter is correct at 26 January 2007. The newsletter is intended to be a guide to the latest developments. Data Protection Consulting takes no responsibility for individual companies’ data protection compliance activity based on this newsletter as individual circumstances may vary. From time to time the newsletter may include details of products and services offered by DPC Services Limited. It may also include guest articles written by experts in other areas. If you do not wish to receive this information you may unsubscribe from this newsletter by email to enquiries@dp-smart.co.uk. Data Protection Consulting is a trading name of DPC Services Limited.