Stories of data security breaches have become a regular feature in recent years. So much so that the Information Commissioner’s Office (ICO) said in a statement, “The law requires organisations to have appropriate measures in place to keep people’s personal data secure,” before adding, “Where there’s a suggestion that hasn’t happened, the ICO can investigate and enforce if necessary.” When it comes to enforcement, the ICO stick to their word; there are details of 181 enforcement notices on their website, many with fines attached.
For those managing personal information, data security is a serious responsibility. The consequences of careless data protection practice can be devastating for individuals, organisations and shareholders. And things are only going to get tougher when the EU General Data Protection Regulation (GDPR) is enforced in 2018.
Personal information at our fingertips
These days most of us use desktop and mobile devices and often we don’t realise that these all hold a wealth of personal information about us and/or the organisations we work for. As individuals, we know we have to take care of our information and not disclose anything sensitive about ourselves to others that would put our digital identities and physical wallets at risk. But how do we know that the businesses we are dealing with are taking as much care with our personal data as we do?
The Data Protection Act 1998 (DPA) defines UK law on the processing of data of identifiable living people. The DPA controls how personal information is used by organisations, and there are rules called ‘data protection principles’ that have to be followed. The law provides a degree of comfort, but what can give us more confidence that our data is being protected?
The AMU provides added confidence for our customers in the shape of DataSeal.
One way is through the organisation’s commitment to data security and obtaining a recognised information security accreditation, such as DataSeal. DataSeal is the only recognised standard for information security management systems other than ISO 27001 in the UK and has twelve requirement areas.
The AMU was recently awarded the DataSeal data security accreditation for the fifth consecutive year after the unit demonstrated that it continues to meet the high standard and has exemplary rigour when it comes to the data security disciplines. These include data and risk management, traceability and responsibility, data protection controls, data use and outsourcing.
Having a data security accreditation does not mean that an organisation is protected from data security breaches; those threats are ever present. What the process does do is make us look and think about how we manage our customers’ personal data and what safeguards we can put in place to help mitigate and minimise identified risks. This certificate is the result of an annual audit that investigates and reports on the diligence of our data security policy and management.
The AMU, and Royal Mail as a business, respects the importance of protecting all of our assets and the information we look after on behalf of our customers. DataSeal is our information security conscience, that inaudible voice that reminds us every time we handle our customer data: ‘is this safe?’
For more information about DataSeal visit: http://dma.org.uk/articles/dataseal