There seems to be almost monthly press coverage about a household name having to apologise and reassure its customers that their personal data is safe after a successful hacking attempt on its website or computer systems.
The positive in this is that it is raising general awareness among businesses and consumers of the risks inherent in holding personal information on websites, social media channels and other online systems.
This should ensure that businesses in particular increase their investment in protecting customer data held in this way from this kind of attack.
What’s often forgotten in these high-profile cases is that a significant amount of personal client data is held in other formats and on other media, and it is also at risk of being accessed or falling into the wrong hands. Personal information held as paper records in filing cabinets or cupboards, on laptops, PCs, phones and other electronic devices, and on external hard drives and memory sticks is all vulnerable and needs to be protected.
More unusual reported data incidents
Whilst researching content for this blog post I came across some more unusual examples of reported “data mishaps” that I thought I would share:
- A laptop was shot in anger when the user couldn’t get a system to work properly
- A PC (that’s Personal Computer, not a Police Constable!) was thrown out of the window in an attempt to destroy evidence before a police raid
- A company laptop fell off the back of a moped and was run over and completely crushed by a lorry
- A laptop was dropped in the bath whilst doing the company accounts
- A laptop was placed and then left on a car roof and crashed to the ground when the owner of the car drove off
The important thing to note is that in all of these instances data was still retrievable from the devices.
Identity Fraud – the statistics
CIFAS, the UK Fraud Prevention Service, maintains the National Fraud Database and states in a recently published report that “the misuse and abuse of personal data is the most severe challenge faced by organisations and individuals”.
The report contains some startling figures on identity fraud across the UK.
- During 2013 over 221,000 frauds were recorded on the National Fraud Database, of which 60% related to identity fraud or facility takeover fraud.
- This figure equates to 600 identity frauds being committed each day, which is 25 per hour or one every 2 minutes and 24 seconds.
- Men in particular seem to be more prone to this type of fraud with 60% of all ID fraud victims being male.
The full report can be downloaded here.
Consequences to your business of getting it wrong
The Information Commissioner’s Office (ICO) has the power to apply a monetary penalty of up to £500,000 to businesses for breaches of the Data Protection Act and the Privacy and Electronic Communications Regulations.
Examples of some high-profile cases include:
Brighton and Sussex University Hospital NHS Trust was fined £325,000 when highly sensitive personal data on tens of thousands of patients and staff (including some relating to HIV and Genito Urinary Medicine) was found on hard drives that were sold via an internet auction.
Maze Prison in Northern Ireland was fined £185,000 earlier this year when paperwork detailing personal and sensitive information on prisoners was found in a filing cabinet sold at auction.
In addition to these two cases, there are numerous examples of businesses and public sector bodies being fined by the ICO for the loss of personal and sensitive data held on memory sticks and in paper files left in briefcases on buses and other public transport.
How to protect your data and prevent identity fraud
The CIFAS website has some simple and useful steps that individuals can take to protect their own data and reduce the risk of identity fraud. Find out more here.
As a business, there are a number of ways you can protect the security and integrity of the data you hold, particularly personal or sensitive customer information, so that you meet your obligations under data protection legislation and don’t fall foul of a penalty from the ICO.
- Paper files should be stored securely when in use and if not required on a daily basis archived off-site in a secure facility
- Unwanted paper records should be securely destroyed by cross shredding and then pulped – more secure than shredding alone
- Hard drives, memory sticks, mobile phones and other devices all need to be shredded to ensure full data removal from them – it isn’t simply a case of just wiping or deleting the data.
- Records held on microfiche and microfilm need to be incinerated to ensure total destruction
Scan Film or Store provide a full range of data storage and secure data destruction solutions for businesses across a wide range of sectors including Education, Local Government, Legal and Financial.
For more information about safeguarding the data you hold, whether on paper records or electronic devices, contact the team at Scan Film or Store.