Digital Transformation

Data protection breaches ‘can affect company PR and reputation’

Allowing data to be lost or stolen will not win your customers’ approval.

While failing to comply with data protection legislation can land companies and individuals with a hefty fine and criminal prosecution, it can also have a longer-term impact on the smooth running of the business.

Graeme Batsman, director of Data Defender, pointed out that the consequences of a data protection breach include receiving bad PR, complaints from customers and shareholders, compliance issues and reductions in the price of the company’s shares.

He explained that the most common problem surrounding data storage concerns physical devices rather than networks.

"That’s what data security really means – it is more about backup, the structure of data and encryption of data. The average company I see [only] really cares about plonking in an anti-virus system," Mr Batsman commented.

"The problems companies get are more around the [fact that the] device goes missing, not around the virus getting them. Often a laptop disappears and then they didn’t protect it properly and [they therefore find themselves] being named and shamed."

This was the case with Lancashire Constabulary, which this month was handed a £70,000 fine after papers relating to a missing person were found on a street in Blackpool.

The police force failed to have "the necessary governance, policies and suitable training in place to keep the personal information they handle secure", according to the Information Commissioner’s Office’s head of enforcement, Steve Eckersley.

He added that the force needs to have effective data protection policies in place for both its electronic and paper-based systems if it is to operate with the trust and confidence of the public.

Mr Batsman noted that it may not be possible to protect all devices from theft or loss, just as most muggings and burglaries cannot be prevented, so companies will have to find other ways to ensure their data cannot fall into the wrong hands.

"The rule is that people need to embrace data encryption on pretty much everything that is possible. That is what the law is, but no one in the country really follows it. So they need to encrypt laptops, USB devices, CDs and think about locking phones, [because] data moves around."