Within the last 24 hours the Information Commissioner, Christopher Graham, announced the first monetary penalties for breaches of the Data Protection Act: two fines totalling £160,000. The maximum the Information Commissioner can impose is £500,000, but even £160,000 sends a strong message to the public and private sectors. A fine of £60,000, £100,000 or £500,000 may be small change to a large corporation such as a multinational bank; it is the negative publicity that truly damages the company.

A data protection breach can cause a fine of up to £500,000, negative public relations, loss of clients and, more importantly, undermine a company's long-term stability. It takes only one incident to shatter a hundred years of positive corporate image. Share prices may drop overnight, and it may take considerable time to shake off the negative PR.

Fine one was to Hertfordshire County Council for sending a highly confidential fax containing child sex abuse case information to the wrong fax number. The fax was intended for a barristers' chambers but was sent to a member of the public in error. It was a simple mistake, but could Hertfordshire County Council have acted more securely? Instead of sending a fax, the documents could have been encrypted, burned onto a disc and sent by a reputable courier. Where a fax is unavoidable, the number should be taken from a pre-programmed entry or confirmed by a second person before sending, because a misdialled digit is exactly the failure a process control is there to catch.

Fine two was to Sheffield employment firm A4e for the loss of an unencrypted laptop containing 24,000 personal records and legal data. The laptop was stolen from an employee's home; fortunately it was not broken into and the data remained untouched. Whether the theft was targeted we do not know. An operating system login prompt on its own is no protection: it can be cracked or bypassed, or the disc can simply be removed and cloned. Full disc encryption would have added a very strong layer of security, provided the encryption key was protected by a strong passphrase and the laptop was powered off, rather than merely asleep with the user logged in, when it was taken.

Companies need to wake up: a firewall and an antivirus programme will not prevent data loss or a data breach. Anything that travels outside the company's four walls should be protected with strong, standards-based encryption, and this applies equally to CDs, USB sticks and laptops.

Some tips to protect yourself:
  • Encrypt files before they leave your control. Steganography (hiding data within another file) only conceals that the data exists; it is not a substitute for encryption and should not be relied on for confidentiality
  • Keep access to a bare minimum and give staff only what they need to do their job (least privilege)
  • Keep your operating system up to date; download and install all available patches, hotfixes and service packs. Enabling automatic updates will do most of this for you
  • Use a reputable antivirus and firewall programme
  • Use a strong password: a mix of numbers, letters and symbols, and a minimum of 8 characters. Length matters more than symbol variety, so a long passphrase beats a short, complex-looking password, and never reuse a password between systems
  • Enable account lockout policies and logging of security events, and actually review the logs
  • Ensure all laptops have full disc encryption; this makes it very hard for someone to read your data from a lost or stolen machine. It only protects data at rest: a laptop left powered on or asleep with the user logged in is still exposed
  • Do not let unencrypted data leave the office on a USB drive, CD or external hard drive. Encrypt it in advance
  • Make sure virus definitions are updated frequently; enable automatic updates if the option is available
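To make the password, lockout and logging tips concrete, here is an added example of a minimal login gate that enforces all three. It is not code from the original post or from any of the organisations mentioned: the thresholds (8-character minimum with three character classes, lockout after five failures for fifteen minutes), the user names and the event-log format are assumptions chosen for illustration, and the password store is in memory. The clock is injectable so the lockout expiry can be exercised without waiting.

```python
"""Added example (not from the original article): a login gate that enforces a
password-complexity rule, locks an account after repeated failures, and logs
every decision. Thresholds, names and the log format are illustrative assumptions."""
import hashlib
import hmac
import secrets
import string
import time

MIN_LENGTH = 8             # assumed policy: at least 8 characters
MIN_CLASSES = 3            # assumed policy: 3 of lower/upper/digit/symbol
MAX_FAILURES = 5           # failures inside the window before lockout
LOCKOUT_SECONDS = 15 * 60  # lockout duration and failure-counting window
PBKDF2_ROUNDS = 100_000    # slow hash so a cloned store is costly to crack


def password_is_acceptable(password):
    """Return True if the password meets the length and character-mix rule."""
    if len(password) < MIN_LENGTH:
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes) >= MIN_CLASSES


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). Never store plaintext."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginGate:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable for deterministic tests
        self.users = {}             # username -> (salt, digest)
        self.failures = {}          # username -> timestamps of recent failures
        self.locked_until = {}      # username -> epoch seconds lockout ends
        self.events = []            # append-only event log (constructed in memory)

    def _log(self, event, user, detail=""):
        self.events.append(f"{self.clock():.0f} {event} user={user} {detail}".rstrip())

    def register(self, user, password):
        """Refuse weak passwords up front rather than hoping users pick well."""
        if not password_is_acceptable(password):
            self._log("REGISTER_REJECTED", user, "weak password")
            return False
        self.users[user] = hash_password(password)
        self._log("REGISTER_OK", user)
        return True

    def login(self, user, password):
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            self._log("LOGIN_DENIED", user, "account locked")
            return False
        record = self.users.get(user)
        if record is None:
            # Unknown user: do the same hashing work so timing does not reveal
            # which usernames exist, then fall through to the failure path.
            hash_password(password, b"\x00" * 16)
            ok = False
        else:
            salt, digest = record
            ok = hmac.compare_digest(hash_password(password, salt)[1], digest)
        if ok:
            self.failures.pop(user, None)
            self._log("LOGIN_OK", user)
            return True
        # Count only failures inside the window, then add this one.
        recent = [t for t in self.failures.get(user, []) if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self._log("LOCKOUT", user, f"after {len(recent)} failures")
        else:
            self._log("LOGIN_FAILED", user, f"failure {len(recent)}/{MAX_FAILURES}")
        return False


if __name__ == "__main__":
    gate = LoginGate()
    gate.register("alice", "Correct-Horse9")   # assumed test credentials
    gate.register("bob", "weakpass")           # rejected by the policy
    for _ in range(MAX_FAILURES):
        gate.login("alice", "wrong guess")
    gate.login("alice", "Correct-Horse9")      # denied: account is locked
    print("\n".join(gate.events))
```

In practice you would not roll this yourself: enforce it with the operating system or directory policy (for example the Windows account lockout threshold and duration settings) and ship the resulting events to a central log. Note the trade-off the lockout introduces: anyone who can reach the login prompt can lock a legitimate user out by guessing wrongly five times, so the lockout duration should be long enough to frustrate guessing but not so long that it becomes a denial-of-service tool.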