The legal and practical reasons to create a data protection policy
Does your company have a data protection policy? A data protection policy reduces privacy breach risks and ensures your organisation is securely storing, accessing and distributing the personal data it collects. Here we offer several reasons to consider starting a data protection policy and key areas it should address.
Your legal responsibility
The Data Protection Act of 1998 provides individuals with the right to know what information is held about them and offers a framework to ensure personal information is handled properly. Under this Act, organisations are required to make sure personal data is:
- held securely
- not kept longer than necessary
- protected from unauthorised use
The Information Commissioner’s Office (ICO) enforces the Data Protection Act. Failure to comply may create criminal liability for your company’s officers.
Protecting customer privacy
A strong data protection policy not only helps ensure your compliance with the Data Protection Act, it also fosters customer loyalty. When SafeNet conducted a 2014 global survey of 4,500 individuals, they found that 57% of respondents were likely to stop using the services of an organisation that had suffered a privacy breach. To maintain your customer base, it’s crucial to maintain strict control over the ways customer data is retained, distributed, protected and destroyed.
Safeguarding employee records
Under the Data Protection Act, your business is also responsible for protecting the personal information collected from your employees. If an employee feels their information has been mishandled, they may also report your violation to the ICO. To remain compliant, your data protection policy should incorporate measures for safeguarding employee records. Keep personnel files under lock and key at all times and never share or distribute an employee’s information without their consent.
Safeguarding backup media
Backing up your data is a best practice. But the very next step should be protecting your backup media from theft. The portability of data tapes, hard drives and USB flash drives makes them convenient, but it also makes them easy to steal. Consider using a data tape rotation service to securely store your backups offsite in a purpose-built media vault.
Looking after paper records
Your data protection policy should also provide guidelines for keeping your paper files secure. A professional, offsite record storage service protects documents from theft, fire and flooding and only provides access to designated personnel in your organisation. When you use an offsite record storage service, your paper records are stored in a record centre equipped with the following features:
- secure loading and unloading areas
- perimeter security
- motion detectors and video surveillance
- fire suppression systems
Barcode technology tracks your document inventory during storage, and an online document request system allows your organisation’s authorised users to request file delivery and pickup.
Destroying confidential waste
Your data protection policy also needs a reliable method for disposing of confidential waste. Sensitive paperwork, redundant IT equipment and unwanted branded material should always be destroyed at the end of its retention lifecycle. A secure destruction service handles the destruction of your confidential business waste in accordance with the Data Protection Act. You should then receive a destruction confirmation certificate as proof of your organisation’s compliance.
It’s never too late to start a data protection policy for your company. Use your local records and information services provider as a resource to help you get started.
Archive Document Data Storage (ADDS) provides data protection solutions for businesses throughout London, Bristol, Bath, and Swindon. Please contact the File Queen for a free consultation or further information: firstname.lastname@example.org