Data Loss - What to Do

The Information Commissioner's Office (ICO) has issued guidance for organisations that lose personal data, having reported that it has been notified of nearly 100 such incidents to date.

One of the less obvious suggestions is to think carefully about whether all the potentially affected people need to be notified. For example, notifying all your customers about a security glitch which in reality affects only a small proportion of them may produce a flood of enquiries and requests for further information from unaffected people, and may also undermine their confidence in your organisation.

It is advisable to obtain, as soon as possible, an accurate understanding of the scale of the loss and the potential impact on the people whose personal information has been lost. For example, if the information is such as to make identity fraud a possibility, it is likely to be more important to notify the people concerned than if the lost information is simply a list of names and addresses (which could be obtained easily from other sources).

The ICO advises that there are four important elements to consider when creating a breach management plan. These are:

1. Containment and recovery;
2. Assessment of ongoing risk;
3. Notification of breach; and
4. Evaluation and response.

The guidance is recommended reading for any organisation which holds personal data and should be considered as part of your data risk management strategy. It can be found here.

See also the ICO’s good practice guides on data security management.

In 2008, the Financial Services Authority published its report on data security in financial services. The report contains much useful information and advice on the maintenance of good data security.

View the eight data protection principles.

 

Data security is an important but widely neglected issue for many organisations. Failure to follow adequate data protection procedures can have severe consequences: not only fines, but also damage to reputation and possible claims for losses suffered by those whose data has been compromised. We can help you to make sure that your legal risks due to data loss are minimised.

Brian McLelland



 
The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.
 
 

Business Lawyers Ltd, 4 Bridle Gate, High Wycombe, HP11 2JH
Tel: 0845 1306608 Fax: 0870 622 0702

Regulated by the Solicitors Regulation Authority (SRA) | SRA ID: 425867
© Business Lawyers. All rights reserved.
