
TOP TIPS FOR AVOIDING THE DREADED DATA FINE

Jonathan Armstrong, data regulation advisor for Absolute Software and technology lawyer at Cordery

The increase in corporate mobile device use, fuelled by Bring Your Own Device (BYOD) and advances in technology, means there are many more ways in which data can be lost, whether through employee mistakes or malicious theft and sale of confidential information. As a result, GRC (Governance, Risk and Compliance) is one of the biggest issues facing companies at the moment. Unfortunately, the average business hasn’t realised this, and remaining on the right side of the law can be a real problem.

Under the Data Protection Act 1998, when a business loses personal data, the Information Commissioner’s Office (ICO) has the power to fine it up to £500,000 and even, in extreme cases, send individuals to prison. In addition, the Act has criminal offences – 654 prosecutions have been commenced in the last 6 years by the Crown Prosecution Service alone. What makes this an even bigger issue is that personal data has a wide definition – any information that can be used to identify an individual.

For many businesses, their current device policies and approaches, such as BYOD or Corporately Owned Personally Enabled (COPE), can no longer handle the current compliance landscape. A proper policy and procedure must consist of more than telling staff how to access emails on their personal devices, because that won’t protect the data stored on them. Firms need to take a holistic, three-stage approach to ensuring that data is kept secure, consisting of education, policy and technology. But what does each of these steps consist of, and how can businesses implement them without impacting their mobile device use?

Implement a policy

Businesses need to have a clear data and device policy communicated to their staff and actioned. Within this, there must also be clarity on how data is classified and distinct data classification protocols. These shouldn’t be written in overly legal or technical language, but rather in a tone that all employees will understand. That way, both the company and employees are kept fully in the loop on what they’re allowed to do with their devices. Having a good policy in place ensures it is clear when employees have breached that policy.

Train and educate employees

The human factor is often the weakest link in a company’s data security, which is why it’s so important that employees are sufficiently trained and educated to avoid security slip-ups. It’s vital to be able to demonstrate to your employees the impact that poor data security practices can have on the whole company, so that they understand why their support is necessary. However, it’s not as simple as pinning a piece of paper with a list of rules to the office wall or downloading a training package from the internet. Data security best practices need to be engaging, relevant and tailored to the jobs people are doing.

Utilise a technology solution

Even after setting out a cohesive device policy and thoroughly educating staff, there is still a vital third element. Employees will break the rules, both accidentally and purposefully. This is why it’s so important to have an underlying technology solution which can protect the business in the event of a data breach. Businesses need to be able to persistently track, manage and secure all devices used at work, as well as the data stored on them. Most importantly, the technology used will also allow a company to prove that compliance processes are being properly enforced and adhered to.

In light of the serious problems data breaches can cause, such as loss of reputation, a fine from the ICO and even possible criminal consequences, companies can’t take their data security for granted. And with such a clouded compliance environment, it’s now essential to take a three-pronged approach to make sure all bases are covered. Your policy has to be clear and accessible; the BYOD training you give your employees must be relevant to them and the organisation; and there must be proper data protection software in place. Business mobility can have countless business benefits, but it must be managed properly to counter risk and comply with regulation. And if a breach should occur, the employer may be able to escape sanctions if it can prove that it did everything it could – policy, training, and technology – to prevent the breach.

Global Banking & Finance Review
