One of the most valuable things a company has is its information on customers and clients. Most businesses have information about past customers but also a potential pool of future customers through a mailing list.
So you have details which are valuable to your business but how secure is that information?
Can a member of staff download your customer database onto a memory stick?
Would you know that it had happened?
Can a member of staff email your database to themselves or someone else?
The ICO can prosecute staff who send emails containing personal information. A paralegal was sending emails to himself containing personal information about clients before he left one law firm to join another, the ICO prosecuted.
A car rental manager was prosecuted for selling information about customers, who had an accident, to a claims company. The car rental company picked up an irregularity and reported it to the ICO.
People are concerned about the security of their information and want to do business with organisations that hold their information securely and don't share it with other organisations. Do you systems ensure that your customer information remains yours and you know who has access to it at any time?
If you are concerned about your data security contact me at Audit & Risk Professionals and I will be happy to talk you through how we can help.
Sunday 21 September 2014
Sunday 7 September 2014
Data Protection - your access rights.
I have been giving some talks recently on the Data Protection Act and something that is mentioned frequently is when the Data Protection Act is used as an excuse not to provide information requested. Often people do not realise that they can request to see the information held on file from any organisation and the most the organisation can charge for this service is £10. So when you think a company has inaccurate information about or you want to know where they collected your information from, make the request.
An organisation then has 40 days to respond to your request. If the information is particularly difficult to collate they should explain this to you, they may also ask which specific information you are requesting. If the request is soon after a previous request they can refuse to provide the information on the basis that there would be no fundamental change.
If you need any advice, give me a call at Audit & Risk Professionals on 07828 124588 and I'll do what I can to help.
An organisation then has 40 days to respond to your request. If the information is particularly difficult to collate they should explain this to you, they may also ask which specific information you are requesting. If the request is soon after a previous request they can refuse to provide the information on the basis that there would be no fundamental change.
If you need any advice, give me a call at Audit & Risk Professionals on 07828 124588 and I'll do what I can to help.
Subscribe to:
Posts (Atom)