As head of the commercial team Luisa has a wealth of commercial law experience and advises clients…
As technology develops, organisations are collecting and storing more and more electronic data. We have seen the advent of ‘big data’, where the collection of large and often complex information creates challenges for traditional data processing, and have recently witnessed a number of high-profile data leaks in the news involving some serious and very damaging security breaches.
The recent security breach of the Ashley Madison dating website is a good example of why maintaining data and system security is so important. Hackers stole 10 gigabytes of data, reportedly containing more than 30 million user names, addresses, phone numbers and email addresses, which they then released online, with serious ramifications for the individuals concerned.
In another recent case, an email sent to subscribers of a newsletter from an NHS sexual health and HIV clinic mistakenly contained the names and addresses of all 780 individuals who were on the mailing list. This meant that all of those who received the newsletter, many of whom were sufferers of HIV, could see each other’s names and contact details. This came about not as a result of a hacker, but simply due to a mistake by an employee.
While not all organisations hold data as sensitive as in those cases, the incidents are a reminder that a security breach and the legal ramifications of a data protection failure can be very serious, not only for the individuals whose details are exposed but also for the organisation itself.
The Data Protection Act 1998 requires organisations to ensure that personal information is stored and used securely. With the increases in data storage, developments in technology and the ability of the Information Commissioner to impose real sanctions, organisations should be thinking carefully about information security.
Appropriate data security procedures will differ for every organisation depending on its size, function and nature of the data collected. Both technical and organisational safeguards are needed and organisations need to ensure clear accountability for the data they manage and the security measures they adopt. Examples of measures which organisations should consider include:
For further information about data protection compliance, please contact our Commercial Team on 0113 220 6284 or email firstname.lastname@example.org